BEGIN:VCALENDAR VERSION:2.0 PRODID:-//ISACA Greater Washington, D.C. Chapter - ECPv6.16.4.1//NONSGML v1.0//EN CALSCALE:GREGORIAN METHOD:PUBLISH X-WR-CALNAME:ISACA Greater Washington, D.C. Chapter X-ORIGINAL-URL:https://isaca-gwdc.org X-WR-CALDESC:Events for ISACA Greater Washington, D.C. Chapter REFRESH-INTERVAL;VALUE=DURATION:PT1H X-Robots-Tag:noindex X-PUBLISHED-TTL:PT1H BEGIN:VTIMEZONE TZID:America/New_York BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20210314T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20211107T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20220313T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20221106T060000 END:STANDARD BEGIN:DAYLIGHT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 TZNAME:EDT DTSTART:20230312T070000 END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0400 TZOFFSETTO:-0500 TZNAME:EST DTSTART:20231105T060000 END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTART;TZID=America/New_York:20221105T090000 DTEND;TZID=America/New_York:20221119T170000 DTSTAMP:20221122T190937Z CREATED:20220910T153631Z LAST-MODIFIED:20221122T190937Z UID:29452-1667638800-1668877200@isaca-gwdc.org SUMMARY:CRISC® Fall 2022 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certified in Risk and Information Systems Controls™ (CRISC®).  This review course will provide practical advice on preparing for the CRISC exam and specific instruction regarding the job practice areas addressed by CRISC as defined by ISACA® Global. The dates of this course are three (3) consecutive Saturdays: November 5\, 12\, and 19\, 2022 from 9 am to 5 pm eastern. \nThis event is intended for anyone sitting for the CRISC Exam. Students are expected to have prepared for the exam prior to attending the course. \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \nRegistration closed on November 4\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nCourse Details \nAgenda \nDay 1  \n\n Introduction\n Governance (Domain 1)\n\nDay 2 \n\n IT Risk Assessment (Domain 2)\n Risk Response and Reporting (Domain 3)\n\nDay 3  \n\n Information Technology and Security (Domain 4)\n Practice Tests\n\n  \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CRISC exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CRISC Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CRISC Review Manual and the CRISC Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CRISC Review Manual\n CRISC Review Questions\, Answers & Explanations Manual\n CRISC Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CRISC page as part of their study program.  \n  \nInstructor \n \nJim Wiggins\n \nJim has over 25 years direct experience in the design\, operations\, management\, and auditing of information technology systems\, with the past 20 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients. \nToday\, Jim is the founder and executive director of the Federal IT Security Institute (FITSI). FITSI is a 501c6 non-profit\, certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024. FITSI provides a role-based IT security certification program targeted at the federal workforce. \nJim is also the executive director of the FITSI Foundation. The FITSI Foundation is 501c3 public charity that runs the Wounded Warrior Cyber Combat Academy (W2CCA). \nAdditionally\, Jim provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Agency (CISA) inside of the Department of Homeland Security (DHS). \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. \nIn 2019\, FCW Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \nJim holds the following IA/IT security certifications: CISSP\,ISSEP\, CISM\, CISA\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented virtually.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CRISC exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/crisc-fall-2022-review-course/ LOCATION:Virtual Event CATEGORIES:Review Courses ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221104T093000 DTEND;TZID=America/New_York:20221104T170000 DTSTAMP:20221120T130726Z CREATED:20220910T164017Z LAST-MODIFIED:20221120T130726Z UID:29469-1667554200-1667581200@isaca-gwdc.org SUMMARY:Seminar - Introduction to Auditing with PowerShell® Part 2: Objects and Scripting DESCRIPTION:This one-day virtual seminar is designed for students to expand their skills in using PowerShell® to perform audits. This course explores two fundamental aspects of using PowerShell: objects and scripting.  PowerShell is built around the concept that data in PowerShell is an object of a specific type.  An object can be as simple as text or number or as complex as a collection of objects. Auditors need to understand this concept to unlock the information stored in different object types and the actions that can be taken.  PowerShell is also more than a series of commands; it is a scripting language complete with its own version or popular scripting features and syntax. While built for systems administrators\, auditors can also use key aspects of PowerShell’s scripting language to write effective and repeatable scripts for use in their audits. \nThis seminar is for any Auditor\, IT Auditor\, or Cybersecurity professional who want to incorporate PowerShell into their toolkits for accomplishing audits and projects. \nRegistration closed on November 3\, 2022 @ 12pm.  Capacity is limited to 30 registrants. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nRelated Seminar \nThis seminar builds on the concepts taught in the Introduction to Auditing with PowerShell Part 1: Overview and Basic Commands seminar. \n  \nSeminar Details \nSeminar Outline \n\n PowerShell refresher\n Understanding objects in PowerShell\n Object types and their properties and methods\n PowerShell scripting basics and best practices\n Tips for troubleshooting commands and scripts\n Practical Exercises\n\n  \nInstructor \n \nMike Howard\nCISA\, MBA \nMike Howard is an experienced IT auditor with over 27 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies\, including mainframes\, Unix environments\, Active Directory\, databases\, Cisco devices\, and Windows computers. Mike embraces innovative technologies to accomplish his audits\, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell\, he’s written over 300 PowerShell scripts. \nMike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 16+ years\, most of the time as Internet/Communications Director. Mike is currently the Associate Director for Web Development\, where he manages the chapter’s website. Mike has also used PowerShell to accomplish tasks related to his Chapter duties\, including creating web pages\, calculating CPE credits\, and updating membership rosters. \nMike has a B.S. in Accounting from Old Dominion University and a Masters in Business Administration from George Mason University. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter completing this course\, students will have skills to use objects in PowerShell and develop PowerShell scripts. \n\nAdditional CPE-Related Details \n\n Prerequisites: Students should have a basic understanding of PowerShell. The ISACA GWDC course Introduction to Auditing with PowerShell Part 1: Overview and Commands satisfies this prerequisite.\n Advance Preparation: The instructor will provide materials in advance of the course that should be saved to the student’s computer. Students can follow along with the instructor in executing PowerShell commands during the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-fall-seminar-auditing-powershell-p2/ LOCATION:Virtual Event CATEGORIES:Special Seminars ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221022T083000 DTEND;TZID=America/New_York:20221105T170000 DTSTAMP:20221120T130752Z CREATED:20220920T010310Z LAST-MODIFIED:20221120T130752Z UID:29505-1666427400-1667667600@isaca-gwdc.org SUMMARY:Certificate of Cloud Auditing Knowledge (CCAK™) Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certificate of Cloud Auditing Knowledge (CCAK™).  The dates of this course are three consecutive Saturdays: October 22\, 29\, and November 5\, 2022 from 8:30 am to 5:00 PM. \nThe CCAK course is designed to cover the following five core areas of focus: Cloud governance\, Cloud compliance\, Cloud auditing\, Cloud assurance\, and CSA tools. The course will provide knowledge on cloud security assessment methods and techniques\, and will assist students in updating their expertise in cloud and hybrid security auditing. CCAK is a joint project by Cloud Security Alliance® and ISACA®. The CCAK is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical education for cloud IT auditing. \nThis event is intended for anyone sitting for the CCAK Exam. Students are expected to have prepared for the exam prior to attending the course. \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \nRegistration closed on October 21\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nCourse Details \nAgenda \nMODULE 1 – Cloud Governance \n\n Overview of governance\n Cloud assurance\n Cloud governance frameworks\n Cloud risk management\n Cloud governance tools\n\nMODULE 2 – Cloud Compliance Program \n\n Designing a cloud compliance program\n Building a cloud compliance program\n Legal and regulatory requirements\n Standards and security frameworks\n Identifying controls and measuring effectiveness\n CSA certification\, attestation and validation\n\nMODULE 3 – CCM and CAIQ Goals\, Objectives and Structure \n\n CCM\n CAIQ\n Relationship to standards: mappings and gap analysis\n Transition from CCM V3.0.1 to CCM V4\n\nMODULE 4 – A Threat Analysis Methodology for Cloud Using CCM \n\n Definitions and purpose\n Attack details and impacts\n Mitigating controls and metrics\n Use case\n\nMODULE 5 – Evaluating a Cloud Compliance Program \n\n Evaluation approach\n A governance perspective\n Legal\, regulatory and standards perspectives\n Risk perspectives\n Services changes implications\n The need for continuous assurance/continuous compliance\n\nMODULE 6 – Cloud Auditing \n\n Audit characteristics\, criteria & principles\n Auditing standards for cloud computing\n Auditing an on-premises environment vs. cloud\n Differences in assessing cloud services and cloud delivery models\n Cloud audit building\, planning and execution\n\nMODULE 7 – CCM: Auditing Controls \n\n CCM audit scoping guidance\n CCM risk evaluation guide\n CCM audit workbook\n CCM an auditing example\n\nMODULE 8 – Continuous Assurance and Compliance \n\n DevOps and DevSecOps\n Auditing CI/CD pipelines\n DevSecOps automation and maturity\n\nMODULE 9 – STAR Program \n\n Standard for security and privacy\n Open Certification Framework\n STAR Registry\n STAR Level 1\n STAR Level 2\n STAR Level 3\n\n  \nAbout the CCAK \nThe CCAK exam will be offered via Computer-Based Testing (CBT). \nRegistration for the CCAK exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CCAK and Exam Registration \n  \nCCAK Exam Preparation \nStudents who wish to do the exam should purchase the exam study guide here. The Q&A database is purchased here and is helpful for the exam revision. \n  \nInstructor \n \nSushila Nair\nVice President\, Security Portfolio @ NTT DATA Services\, NTT DATA\, Inc.\nCISSP CISM CRISC CISA \nSushila Nair is certified by ISACA International to teach the CCAK Exam Review Course and specializes in cybersecurity\, risk\, and audit services. Sushila Nair is the current Vice President of the Greater Washington\, D.C. ISACA Chapter and has presented at CACS\, BrightTALK\, Seguruinfo and many other international events.  Sushila has taught review courses for the GWDC and ISACA Global. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented virtually.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objectives \n\n Demonstrate key concepts of cloud governance and the role of assurance\, transparency and accountability in the cloud.\n Explain cloud risk management and the application of cloud governance tools.\n Devise the designing\, building and evaluating of a cloud compliance program based on laws\, regulations and regulatory standards.\n Apply control objectives\, technical and process controls\, security metrics and relate them to cloud control frameworks\, certification\, attestation and authorisations.\n Define and illustrate how to use the CSA Cloud Control Matrix and the CSA Top Threat Analysis Methodology.\n Build and execute an audit plan that addresses cloud concerns by utilising the Cloud Control Matrix.\n Discuss the impact of continuous assurance and auditing\, cloud automation\, native development and integration models on auditing and compliance .\n Describe the role of the CSA STAR Program.\n\n  \nCPE-Related Details \n\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/ccak-2022-fall-review/ LOCATION:Virtual Event CATEGORIES:Review Courses ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221021T093000 DTEND;TZID=America/New_York:20221021T170000 DTSTAMP:20221120T130813Z CREATED:20220910T163238Z LAST-MODIFIED:20221120T130813Z UID:29463-1666344600-1666371600@isaca-gwdc.org SUMMARY:Seminar - Introduction to Auditing with PowerShell® Part 1: Overview and Basic Commands DESCRIPTION:This one-day virtual seminar is designed for students who want to learn different ways that PowerShell can be used in performing audits. Students will learn the basics of PowerShell\, including commands to import\, view\, summarize\, and export data. Students will also be taught how PowerShell can be used to obtain data from Windows Event Logs\, Active Directory\, Azure Active Directory\, and other data sources. \nThis seminar is for any Auditor\, IT Auditor\, or Cybersecurity professional who want to incorporate PowerShell into their toolkits for accomplishing audits and projects. \nRegistration closed on October 20\, 2022 @ 12pm. Capacity is limited to 30 registrants. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nRelated Seminar \nIf this topic interests you\, the chapter is also offering an Introduction to Auditing with PowerShell Part 2: Objects and Scripting seminar. \n  \nSeminar Details \nSeminar Outline \n\n Overview of PowerShell\n Basics of Using PowerShell Commands\n PowerShell Commands to Import\, Summarize\, View\, and Export CSV Data\n Overview of Using PowerShell to Import Data from XML and Text Files\n Overview of Using PowerShell to Import Data from Windows Event Logs\n Overview of Using PowerShell to Import Data Word and Excel Files\n Overview of Using PowerShell to Import Data from Active Directory\n Overview of Using PowerShell to Import Data from Azure Active Directory\n Practical Exercises\n\n  \nInstructor \n \nMike Howard\nCISA\, MBA \nMike Howard is an experienced IT auditor with over 27 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies\, including mainframes\, Unix environments\, Active Directory\, databases\, Cisco devices\, and Windows computers. Mike embraces innovative technologies to accomplish his audits\, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell\, he’s written over 300 PowerShell scripts. \nMike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 16+ years\, most of the time as Internet/Communications Director. Mike is currently the Associate Director for Web Development\, where he manages the chapter’s website. Mike has also used PowerShell to accomplish tasks related to his Chapter duties\, including creating web pages\, calculating CPE credits\, and updating membership rosters. \nMike has a B.S. in Accounting from Old Dominion University and a Masters in Business Administration from George Mason University. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter completing this course\, students will have skills to use PowerShell to import\, summarize\, and output data. Students will also have an awareness of potential data sources that PowerShell can be used with. \n\nAdditional CPE-Related Details \n\n Prerequisites: Students should be familiar with using Windows and using CSV files.\n Advance Preparation: The instructor will provide materials in advance of the course that should be saved to the student’s computer. Students can follow along with the instructor in executing PowerShell commands during the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-fall-seminar-auditing-powershell-p1/ LOCATION:Virtual Event CATEGORIES:Special Seminars ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20221013T083000 DTEND;TZID=America/New_York:20221013T123000 DTSTAMP:20221120T130614Z CREATED:20221006T214024Z LAST-MODIFIED:20221120T130614Z UID:29607-1665649800-1665664200@isaca-gwdc.org SUMMARY:2022 Cybersecurity Conference DESCRIPTION:The ISACA Greater Washington DC (GWDC) is proud to host the 2022 Cybersecurity conference. This seminar is part of our monthly sessions and is centered around the various important Cybersecurity topics such as\, Zero Trust\, Ransomware\, Hunting threats in Active Directory and Auditing Cybersecurity. \nBusiness leaders and managers\, executives\, technologists\, professionals\,  and students\, interested in staying current in the field of cybersecurity should attend this conference. \nRegistration closed on October 12\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates\, feedback survey\, and presentations. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nConference Details \nAgenda \n8:30 – 9:30 Implement Zero Trust Principles in your Architecture \nPresenter: Adam Hesch (Amazon Web Services) \nZero trust has become a new industry buzzword\, but how do you actually implement it in your existing architecture today? In this session\, discover common architectural patterns for applications deployed on AWS and see how you can implement zero trust principles within them to improve your security outcomes. These examples will draw from common zero trust use cases (user\, device\, and system authentication and authorization) and technologies (software defined networks\, micro-segmentation\, policy enforcement points\, visibility\, and orchestration) to bring zero trust into your existing and future environments. \n  \n9:30 – 10:30 Threat Hunting with Windows Event Forwarding & MITRE ATTACK Framework \nPresenter: Gurvinder Singh \nIn this talk\, you will gain an overview of using Windows Event Forwarding (WEF) for incident detection\, with configuration and management workflows guidance. The talk will also provide an introduction to the MITRE ATT&CK Framework. \n  \n10:30 – 11:30 Bringing Active Directory back from Hell \nPresenter: Guido Grillenmeier \nThis session will cover what it’s like when your first gate of protection has already been broken through and you are trying to survive. The intruders are already in your network and have even compromised your Active Directory forest. It’s the story from a real-live IR-situation of how we recovered a middle-east company from an in-progress cyber-attack\, after their AD was already fully compromised. \n  \n11:30 – 12:30 Cybersecurity for Internal Auditors \nPresenter: Doug Murray & Raj Sawhney (Focal Point Data Risk) \nIn this presentation Doug Murray and Raj Sawhney provide IT Auditors and other IT Risk professionals guidance on how to conduct an effective Cybersecurity Audit. The IT Audit’s perspective as well as the CISO’s perspective is offered\, giving the attendees an opportunity to drive collaboration at their respective organizations. Tangible takeaways include how to apply the methodologies for Cybersecurity\, lessons learned from prior Cybersecurity reviews and the common pitfalls to avoid. The presentation is relevant for IT Risk professionals with limited knowledge of Cybersecurity or those with many years of experience looking to improve from practical experience. \n  \nPresenters \nAdam Hesch\nPrincipal Solutions Architect\, Amazon Web Services \nAdam is a Principal Solutions Architect supporting Federal Systems Integrators and Department of Defense customers with their migration to the cloud. He has spent the last year and a half working with federal customers on how to begin their Zero Trust journey on AWS and is currently the lead for the “Zero Trust Liftoff” team within AWS focused on helping customers meet federal zero trust related executive orders. \n  \nGurvinder Singh\nCyber Security & Privacy Leader\nCISSP\, CISA\, ITIL v3 \nGurvinder Singh is a Cybrary Instructor with Global Fortune 500 and 21 years of diversified industry experience. Gurvinder understands best practices\, information security architecture\, risk management\, compliance\, policy issues\, business continuity\, disaster recovery\, privacy\, governance\, prevention\, and countermeasure. Gurvinder has successfully communicated\, advised and managed global\, corporate-wide security issues and improved business processes. \n  \nGuido Grillenmeier\nChief Technologist @ Semperis \nGuido Grillenmeier is the Chief Technologist of Semperis. Based in Germany\, Guido has been a Microsoft MVP for Directory Services for 12 years. He spent 20+ years at HP/HPE as Chief Engineer. A frequent presenter at technology conferences and contributor to technical journals\, Guido is the co-author of Microsoft Windows Security Fundamentals. He’s helped various customers secure their Active Directory environments and supported their transition to Windows 10/m365 and Azure cloud services. \n  \nDoug Murray \nChief Information Security Officer (CISO)\, Global Cybersecurity\, Privacy and IT Audit Leader\nCISSP\, CISM\, CISA\, CRISC\, CDPSE \nAn experienced\, driven\, and accomplished Chief Information Security Officer and Leader\, with a wealth of experience while working for high-profile companies. Has extensive experience in information security\, data privacy\, IT risk\, and business continuity\, and is experienced in balancing strategic and execution requirements of enterprise information security programs which ensure confidentiality\, integrity\, and availability of data. A proven track record of success in transforming and maturing global information security organizations. \n  \nRaj Sawhney\nManaging Director\, IT and Internal Audit\, Cybersecurity and Business Process @ Focal Point Data Risk\nMSA\, MBA\, CISA\, CFE\, CCSIC\, CDPSE\, CIST\, CIMP\, CRISC\, CEH\, CISSP \nRaj Sawhney is a Managing Director in Focal Point Data Risk’s IT Audit and Advisory practice providing a variety of advisory solutions to companies in the Southern California region. Raj has led Internal Audit\, IT Audit and Cybersecurity engagements for large multi-national corporations utilizing a variety of industry best practices and domain specific guidance. Raj has Big-4 experience with KPMG and Deloitte Consulting\, and his international audit experience spans Germany\, China\, Singapore and India. Raj also brings a tremendous breadth and depth of IT Audit experience\, including SAP\, Oracle\, NetSuite\, Mainframe\, AS400\, PeopleSoft\, FiServ\, Unix\, Linux\, AWS and other cloud hosted applications. Raj has guided management in the remediation of significant issues around business process and I.T. including development of impactful audit reports\, SOX compliance and SOC certification programs. Raj is a regular speaker at audit & security conferences and completed his Masters in Computer Science and his M.B.A in Finance from UC Irvine. Raj also holds a CISA (Information Systems)\, CRISC (Risk and Controls)\, CIST (Information Security)\, CDPSE (Data Privacy)\, CCSK (Cloud security)\, CFE (Financial Fraud)\, and recently became a certified Cybersecurity Auditor. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After this conference\, attendees will have a better understanding of current trends in cybersecurity such as Zero Trust\, Ransomware\, Identify hidden threats in Active Directory and risk and controls around cybersecurity.\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-cybersecurity-conference/ LOCATION:Virtual Event CATEGORIES:Special Seminars ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220924T083000 DTEND;TZID=America/New_York:20221015T170000 DTSTAMP:20230213T211237Z CREATED:20220827T201807Z LAST-MODIFIED:20230213T211237Z UID:29389-1664008200-1665853200@isaca-gwdc.org SUMMARY:CISA® Fall 2022 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 4-day virtual review course for the Certified Information System Auditor® (CISA®) exam.  This review course will provide practical advice on preparing for the CISA exam and specific instruction regarding the job practice areas addressed by CISA as defined by ISACA® Global. The dates of this course are four (4) consecutive Saturdays: September 24\, October 1\, 8\, and 15\, 2022 from 8:30 am to 5 pm eastern. \nThis event is intended for anyone sitting for the CISA Exam. Students are expected to have prepared for the exam prior to attending the course. \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \nRegistration closed on September 23\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nCourse Details \nAgenda \nDay 1  \n\n Module 1 – The Process of Auditing Information Systems\n Module 2 – Governance and Management of IT\n\nDay 2 \n\n Module 3 – Information Systems Acquisition\, Development\, and Implementation\n\nDay 3  \n\n Module 4 – Information Systems Operations\, Maintenance\, and Support\n\nDay 4  \n\n Module 5 – Protection of Information Assets\n\n  \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CISA exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CISA Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CISA Review Manual and the CISA Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CISA Review Manual\n CISA Review Questions\, Answers & Explanations Manual\n CISA Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISA page as part of their study program.  \n  \nInstructors \n\n \n\n\nJim Wiggins\n \nJim has over 25 years direct experience in the design\, operations\, management\, and auditing of information technology systems\, with the past 20 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients. \nToday\, Jim is the founder and executive director of the Federal IT Security Institute (FITSI). FITSI is a 501c6 non-profit\, certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024. FITSI provides a role-based IT security certification program targeted at the federal workforce. \nJim is also the executive director of the FITSI Foundation. The FITSI Foundation is 501c3 public charity that runs the Wounded Warrior Cyber Combat Academy (W2CCA). \nAdditionally\, Jim provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Agency (CISA) inside of the Department of Homeland Security (DHS). \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. \nIn 2019\, FCW Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \nJim holds the following IA/IT security certifications: CISSP\,ISSEP\, CISM\, CISA\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n  \n\n\n \n\n\nTyler Harding \nSenior Manager\, Amazon Supply Chain \nCPA\, CISA\, CISM\, CISSP\, CAP\, GGEIT\, FITSP:A\, FITSP:M \nTyler Harding is a Senior Manager and leads a commercial and DoD compliance program at Amazon Supply Chain (supplychain.amazon.com). The Compliance team’s goal is to earn customer’s trust and maintain compliance with multiple information security certifications such as ISO 27001\, AICPA SOC 2\, HiTRUST\, and NIST SP 800-171. Prior to his role at Amazon Supply Chain\, Tyler was the DoD Security and Compliance Manager for AWS and led efforts to accredit AWS cloud services to Impact Levels 4 and 5 under DoD’s Cloud Computing Security Requirements Guide (CC SRG). \nBefore joining Amazon in 2019\, Tyler spent over 20+ years in public accounting firms such as PWC\, KPMG\, and Kearney & Company in their respective IT audit practices and led engagement teams through many SOC 1\, FISMA\, and financial statement audits. \nAs a recovering IT auditor\, Tyler now enjoys his Summers and Falls swimming\, cycling\, and playing an occasional round of golf! Tyler has also supported the ISACA Greater Washington D.C. Chapter for over 20 years by teaching CISA\, CISM\, and CGEIT review courses. \n\n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented virtually.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 32 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CISA exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/cisa-fall-2022-review-course/ LOCATION:Virtual Event CATEGORIES:Review Courses ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220922T083000 DTEND;TZID=America/New_York:20220922T123000 DTSTAMP:20221120T131736Z CREATED:20220916T145238Z LAST-MODIFIED:20221120T131736Z UID:29481-1663835400-1663849800@isaca-gwdc.org SUMMARY:2022 Cloud Implementation and Security Conference DESCRIPTION:The ISACA Greater Washington DC (GWDC) is proud to host the Cloud Implementation and Security virtual conference. This conference is part of our monthly events and is centered around the introduction of Cloud auditing\, security in the Cloud\, implementing Cloud Center of Excellence\, and introduction to the latest Cloud audit certification. \nCloud security and enablement professionals\, IT advisory or audit professionals\, business executives\, cybersecurity professionals\, students or professionals interested in learning more about cloud in the public sector space should attend this conference. \nRegistration closed on September 21\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nConference Details \nAgenda \n8:30 – 9:30 Cloud Security Overview and Best Practices \nPresenter: Don Mann (Arctic Wolf) \nThis presentation will provide an overview of Cloud Security. We will discuss some of the unique considerations of Cloud Security when moving from on-premises. We will review some core best practices and some consumable tips on how to evaluate or improve your cloud security. \n  \n9:30 – 10:30 Introduction to the Certificate of Cloud Auditing Knowledge (CCAK) \nPresenter: Sushila Nair (NTT DATA) \nThe Certificate of Cloud Auditing Knowledge (CCAK) is the first-ever\, technical\, vendor-neutral credential for cloud auditing. This certificate fills a gap in the industry for competent technical professionals who can help organizations mitigate risks and optimize ROI in the cloud. \n  \n10:30 – 11:30 Implementation of Cloud Center of Excellence \nPresenter: Aimee Bechtle (Amazon Web Services) \nCloud Centers of Excellence (CCoE) are critical to successful\, sustained cloud adoptions at-scale. In this talk Aimee Bechtle will describe why and when a CCoE is needed and the mechanisms that maximize and amplify a cloud adoption. \n  \n11:30 – 12:30 The Problem of Siloed Identities for Security and Compliance \nPresenter: Garret Grajek (YouAttest) \nThis presentation will overview how a proper access review should be conducted including the challenges and best practices to tying the “Siloed Resources” to the IS0R (identity store of record). The key is to map identified siloed resources to the DEFINED and managed:groups/roles” in the ISoR. \n  \nPresenters \nDon Mann\nSenior Systems Engineer\, Arctic Wolf \nDon has been in the IT industry for over 25 years. He worked as an IT professional in the USAF as well as biotech\, and then spent time consulting with customers at a technology reseller. Most recently he spent the last 3 years working for Amazon Web Services before joining Arctic Wolf\, a security operations cloud provider. \n  \nSushila Nair\nVice President\, Security Portfolio @ NTT DATA Services\, NTT DATA\, Inc.\nCISSP CISM CRISC CISA \nSushila Nair specializes in cybersecurity\, risk\, and audit services. Sushila Nair is the Vice President of the Greater Washington\, D.C. ISACA Chapter and has presented at CACS\, BrightTALK\, Seguruinfo and many other international events.  She has taught several review courses\, including the CCAK review course\, for the GWDC chapter and ISACA Global.  \n  \nAimee Bechtle\nSolutions Architecture Leader \, Amazon Web Services \nAimee leads AWS Solutions Architecture for Enterprise Engaged customers in the Mid-Atlantic and Carolinas. Her experience is in leading large organizations to adopt agile\, DevOps\, product and the public cloud. She specializes in building high performing product teams using modern application architectures and technical practices. Aimee has been at AWS since December of 2020. Prior to joining AWS Aimee spent 16 years as a Software Systems Engineer at The MITRE Corporation\, 4 years leading DevOps transformations and cloud adoption at Capital One\, and 1 year as the Head of DevOps and Cloud Centers of Excellence at S&P Global in the Market Intelligence division. Aimee has her B.S. in Management Science – Decision Support Systems from Virginia Tech and a M.S. in Systems Engineering from Johns Hopkins University. She lives in Vienna\, VA with her husband\, four children and two dogs. \n  \nGarret Grajek\nChief Executive Officer\, YouAttest\nCEH\, CISSP \nGarret Grajek is a certified security engineer and product builder. Garret has 25+ years of IT Security product creation. He has 13 U.S. patents for information security products (focus: Application SSO\, 2FA\, Identity Assurance\, Continuous Authentication\, AI and Blockchain). Garret has specialized in creating secureIT products for markets in the Financial\, Health Care\, Federal\, State\, Education and other regulated arenas. Products Garret has created resulted in multiple awards\, Gartner ranking\, and sold to over 500 customers resulting in $200M+ in revenue. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented through Zoom.  The instructor will send an email with the zoom link prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org. \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After this conference\, attendees will have a better understanding of the the process of implementing Cloud Center of Excellence and securing and audit Cloud environment in their organization.\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-cloud-conference/ LOCATION:Virtual Event CATEGORIES:Special Seminars ORGANIZER;CN="Avneet Sabharwal":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220910T083000 DTEND;TZID=America/New_York:20220924T163000 DTSTAMP:20230213T211323Z CREATED:20220827T103531Z LAST-MODIFIED:20230213T211323Z UID:29320-1662798600-1664037000@isaca-gwdc.org SUMMARY:CISM® Fall 2022 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day virtual review course for the Certified Information Security Manager® (CISM) Exam. The CISM® review course will provide practical advice on preparing for the CISM exam and specific instruction regarding the job practice areas addressed by CISM as defined by ISACA® Global. The dates of this course are three (3) consecutive Saturdays from September 10\, 17\, and 24\, 2022 from 8:30 am to 4:30pm Eastern. \nThis event is intended for anyone sitting for the CISM Exam. Students are expected to have prepared for the exam prior to attending the course. \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \nRegistration closed on September 9 @ 5pm. Participants can use the link below to access CPE Certificates\, feedback survey\, and presentations. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nCourse Details \nAgenda \nDay 1  \n\n Module 1 – Information Security Governance\n Module 2 – Information Security Risk Management\n\nDay 2 \n\n Module 3 – Information Security Program\n Module 4 – Incident Management\n\nDay 3  \n\n Module 5 – Exam Preparation Strategies\n\n  \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CISM exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CISM Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CISM Review Manual and the CISM Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CISM Review Manual\n CISM Review Questions\, Answers & Explanations Manual\n CISM Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISM page as part of their study program.  \n  \nInstructor \n \nJim Wiggins\n \nJim has over 25 years direct experience in the design\, operations\, management\, and auditing of information technology systems\, with the past 20 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients. \nToday\, Jim is the founder and executive director of the Federal IT Security Institute (FITSI). FITSI is a 501c6 non-profit\, certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024. FITSI provides a role-based IT security certification program targeted at the federal workforce. \nJim is also the executive director of the FITSI Foundation. The FITSI Foundation is 501c3 public charity that runs the Wounded Warrior Cyber Combat Academy (W2CCA). \nAdditionally\, Jim provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Agency (CISA) inside of the Department of Homeland Security (DHS). \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. \nIn 2019\, FCW Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \nJim holds the following IA/IT security certifications: CISSP\,ISSEP\, CISM\, CISA\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented online through Microsoft Teams.  \n The instructor will email students prior to the event with instructions and additional information. \n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 24 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CISM exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-cism-fall-review/ LOCATION:Virtual Event CATEGORIES:Review Courses ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220818T083000 DTEND;TZID=America/New_York:20220818T123000 DTSTAMP:20221226T142522Z CREATED:20220701T100158Z LAST-MODIFIED:20221226T142522Z UID:29242-1660811400-1660825800@isaca-gwdc.org SUMMARY:Summer Seminar - Shifting to High Value Work Through Technology DESCRIPTION:   \nTechnology continues to evolve advancing operational efficiency by enabling personnel to focus on high value work and deliver outputs of higher quality and in a more expedient manner.  Join ISACA Greater Washington DC and Guidehouse for its summer seminar on Shifting to High Value Work Through Technology. \nIT program managers and professionals\, information system functional users and business owners\, business executives\, students or professionals interested in adopting emerging technologies to enhance operational efficiencies of organizations should attend this event. \nRegistration closed on August 17th @ 5PM. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nConference Details \nAgenda \n08:30 – 9:30 – Machine Learning Adoption to Fight Financial Crime \nPresenters: Salvatore LaScala and Tim Mueller (Guidehouse) \n“The adoption of machine learning (ML) in fighting financial crime will likely explode as technology solutions become more effective and efficient-driven by work-stream prioritization\, product maturity\, and refinement of implementation processes.” \nThis was the key takeaway from a global survey conducted in 2020\, “The Evolving Role of ML in Fighting Financial Crime\,” conducted by Guidehouse and Compliance Week\, in partnership with the International Compliance Association. While survey responses demonstrated similarities between US and Europe (UK/EU) organisations\, our analysis also identified notable differences among participants in both regions. This article examines key areas where European survey responses deviated from those by US or global participants. This should be of particular interest to European organisations wishing to benchmark maturity against both global and European peers. \n  \n 09:30 – 10:30 – Leading Practices: Agency Acquisition Policies Could Better Implement Key Product Development Principles \nPresenters: Chris Durbin and Brian Smith (Government Accountability Office) \nLeading commercial companies\, such as Amazon and SpaceX\, take a disciplined approach to develop innovative products that satisfy their customers’ needs. This approach allows leading companies to deliver their products to market on time and within planned costs.\nUnlike private companies\, federal agencies don’t have to focus on profit margins and return on investments. But\, they are charged with ensuring that taxpayers get the best return on their dollars. And despite environmental differences\, GAO has long found that agencies can still benefit from leading companies’ disciplined approaches to developing and delivering products.\nIn a new report\, GAO looked at how some of the federal government’s biggest spenders-the Departments of Defense and Homeland Security and NASA-invest billions of dollars to buy things like stealth jets\, silent subs\, and lunar rovers\, all with complex software. \n  \n10:30 – 11:30 – GovTech Maturity Index \nPresenter: Cem Dener and Kimberly Johns (World Bank) \nGovernments have been using technology to modernize the public sector for decades. The World Bank Group (WBG) has been a partner in this process\, providing both financing and technical assistance to facilitate countries’ digital transformation journeys since the 1980s. The WBG launched the GovTech Initiative in 2019 to support the latest generation of these reforms. Over the past five years\, developing countries have increasingly requested WBG support to design even more advanced digital transformation programs. These programs will help to increase government efficiency and improve the access to and the quality-of-service delivery\, provide more government-to-citizen and government-to-business communications\, enhance transparency and reduce corruption\, improve governance and oversight\, and modernize core government operations. The GovTech Initiative appropriately responds to this growing demand. The GovTech Maturity Index (GTMI) measures the key aspects of four GovTech focus areas-supporting core government systems\, enhancing service delivery\, mainstreaming citizen engagement\, and fostering GovTech enablers-and assists advisers and practitioners in the design of new digital transformation projects. \n  \n11:30 – 12:00 – Process Automation: An Untapped Opportunity for Government Agencies \nPresenter: Caitlin McGurn and Ranyah Salous (Guidehouse) \nGovernment and public sector organizations today are under constant pressure to generate more value\, enhance their operational efficiencies\, and attract and retain skilled employees-all while facing increasing levels of risk and public scrutiny. \nWithin such a dynamic environment\, leveraging automation is key to transforming an organization’s operating model. The challenge is that implementing and monitoring controlled\, automated processes can be complex\, costly\, and require specialized resources. Many organizations perceive developing automated processes as “a moving target” requiring constant improvements and new emerging technologies. \nConversely\, this presents the opportunity for organizations to apply custom\, targeted solutions focused solely on their needs with the help of a team experienced in implementing such bespoke solutions. \nIn 2020\, FedScoop surveyed federal and state government IT\, business\, and program executives on their organization’s automation environment maturity. A large majority of respondents to this survey foresee considerable value in using automation-with 48% of respondents reporting already-implemented tools have saved them 5\,000 to 100\,000+ hours of work\, allowing their staff to focus on higher-impact efforts. \n  \n12:00 – 12:30 – General Services Administration (GSA) Robotic Process Automation Program  \nPresenters: Anthony Cavallo and Brian Mooers (General Services Administration) \nThe GSA established a centralized RPA program and have deployed automations in nearly all business lines and mission support offices including real estate\, acquisition\, finance\, HR\, IT\, and administrative services. Within three years of program initiation\, GSA RPA PMO deployed 101 cumulative bots using a streamlined RPA Factory approach. By the end of FY 21\, the GSA RPA PMO delivered over 300\,000 annualized hours of capacity\, averaging over 3\,000 hours per bot. The PMO trained\, developed\, and redeployed existing CFO employees in RPA development and integrated process redesign and improvement capabilities including process mapping\, reengineering\, future state planning\, and performance measurement into RPA projects. \n  \nPresenters \nSalvatore LaScala\nHead of Global Investigations and Compliance Practice\, Guidehouse \nSalvatore LaScala is a partner and head of Guidehouse’s Global Investigations and Compliance practice. Possessing a broad range of subject matter knowledge and expertise\, Salvatore applies his 20+ years of hands-on experience to conduct investigations and compliance reviews on behalf of financial institution clients responding to regulatory or law enforcement matters concerning anti-money laundering (AML)\, Bank Secrecy Act (BSA)\, USA PATRIOT Act and Office of Foreign Assets Control (OFAC). \n  \nTim Mueller\nPartner\, Guidehouse \nTim Mueller\, with extensive experience in process transformation and technology implementation is the Financial Services (FS) Segment Technology Leader. In addition to Tim’s broad FS leadership role\, he is also a member of the Financial Crimes practice. He leads the technology and data analytics team which focuses on assisting clients with selection\, implementation and review of fraud\, anti-money laundering (AML) and sanctions screening technology platforms. His team works with clients to: incorporate machine learning and artificial intelligence into current financial crime platforms; evaluate systems governance; review risk coverage for transaction monitoring detection scenarios and sanctions name matching algorithms; perform system tuning to maximize effectiveness while minimizing false positives; perform model validation projects; and\, support data handling and analytics for large scale file and transaction reviews. Recent projects have involved assisting both regulators and financial institutions with providing the information technology functionality necessary to identify potential financial crime\, and to comply with BSA/AML requirements. \n  \nChris Durbin\nAssistant Director\, Government Accountability Office \nChris Durbin is an assistant director in the U.S. Government Accountability Office’s (GAO) Contracting and National Security Acquisitions team. He has 19 years of experience evaluating Department of Defense (DOD) acquisition programs\, policies\, and culture. He has previously overseen GAO’s annual assessments of execution risks and performance in over 80 major weapons acquisition programs. He has also overseen defense science and technology reviews on topics that included leading practices in innovation investments and management\, laboratory governance\, and industry independent research and development. Currently\, he is overseeing new work evaluating DOD’s middle tier of acquisition pathway as well as follow-on work related to his team’s March 2022 report on key principles for product development. \n  \nBrian Smith\nSenior Analyst\, Government Accountability Office \nBrian Smith is a senior analyst in the U.S. Government Accountability Office’s (GAO) Contracting and National Security Acquisitions team. For the last six years\, he has worked on reviews related to the Department of Defense’s science & technology efforts\, including best practices in innovation investments and management\, laboratory governance\, and industry independent research and development\, as well as GAO’s efforts to refresh its leading practices methodology used to assess DOD\, DHS\, and NASA acquisitions. \n  \nCem Dener\nLead Governance Specialist\, Information Systems & Chair\, FMIS Community of Practice\, Governance\, World Bank \nCem Dener is currently the Chair of Financial Management Information Systems Community of Practice (FMIS CoP) in the Governance Global Practice (GGP) of the World Bank. Dr. Dener made significant\, original contributions to Public Financial Management (PFM) and e-Government reform programs in more than 40 countries over the past two decades by providing strategic advisory and hands on support for building effective and transparent digital solutions. He led the establishment of the FMIS CoP in 2010 to exchange knowledge and experiences and disseminate good practices\, and develop leading edge knowledge products based on new datasets. He has extensive system design and application development experience gained in private and public sector projects\, as well as in academic studies\, prior to the World Bank. \n  \nKimberly Johns\nSenior Public Sector Specialist\, World Bank \nKimberly Johns is a senior public sector specialist and global lead for Govtech in the World Bank’s Governance Global Practice. Her work focuses on whole of government digital transformation\, digital governance\, service delivery and citizen engagement. She has over 15 years of experience working on topics of technology and solutions development\, institutional and policy reform in Africa\, Europe\, and the Middle East and has contributed to a number of reports targeting governance issues including administrative burden\, accountability and corruption. Kimberly holds a Ph.D. in Public Administration (specializing in Science\, Technology and Information Policy and Research Methods) from the University of Illinois at Chicago and a Master of Science in Public Service Management from DePaul University. \n  \nCaitlin McGurn\nPartner\, Guidehouse \nCaitlin McGurn is a partner focusing on financial management\, risk management\, strategic planning\, project management\, business transformation and asset management and disposition. At Guidehouse\, Caitlin works on clients in the area of financial services\, including the U.S. Department of Education\, National Credit Union Administration and the U.S. Department of Treasury. Caitlin has more than 15 years of experience and joined PwC as an assurance intern in Boston. She has worked in multiple areas\, including commercial assurance\, systems and process assurance and advisory consulting. Caitlin has supported clients in an advisory capacity across both the commercial and public sectors. \n  \nAnthony Cavallo\nRobotic Process Automation Program Director\, General Services Administration \nAnthony Cavallo is the lead robotic process automation (RPA) developer for the Robotic Process Automation Division in the GSA Office of the Chief Financial Officer\, which has launched more than 50 automations. No stranger to automation\, Anthony has been automating processes throughout his career\, primarily through financial reporting. Anthony has created and managed key business intelligence tools within OCFO that are used to automate reports\, dashboards\, and visualizations. \n  \nBrian Mooers\nSenior Analyst\, General Services Administration \nBrian Mooers is a full-time Lean Six Sigma Black Belt and is currently a member of the General Services Administration’s Robotics Process Automation Project Management Office (PMO). As a senior analyst\, he works with customers to identify processes for automation and then helps document and optimize the processes before moving projects to the development stage. Brian holds a master’s degree in information technology\, specializing in database systems from the University of Maryland\, College Park\, and is currently working on his master’s in business administration from Virginia Tech. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented through Zoom.  Each registrant will receive a personalized Zoom link by email prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nPresentations \nAny presentations made available by the presenters will be emailed to the event participants.   \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing this event\, students will have a better understanding of the latest trends and current topics for adopting emerging technologies to enhance operational efficiencies of organizations.\n Prerequisites:  None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group-Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-summer-seminar-shifting-to-high-value-work-through-technology/ LOCATION:Virtual Event ORGANIZER;CN="Jose Torres":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220721T083000 DTEND;TZID=America/New_York:20220721T123000 DTSTAMP:20221122T190105Z CREATED:20220701T100135Z LAST-MODIFIED:20221122T190105Z UID:29238-1658392200-1658406600@isaca-gwdc.org SUMMARY:Summer Seminar - Hardening IT Security Posture DESCRIPTION:   \nOrganizations face complex security challenges and need to prepare in addressing current and future technology risks\, protect their operations and sensitive data\, and comply with regulatory requirements. Join ISACA Greater Washington DC and Guidehouse for its summer seminar on Hardening IT Security Posture.  \nIT program managers\, cybersecurity professionals\, IT audit professionals\, business executives\, students or professionals interested in learning about enhancing IT security posture of organizations should attend this event. \nRegistration closed on July 20th @ 5PM. Participants can use the link below to access CPE Certificates\, feedback survey\, and presentations (if available). Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nConference Details \nSessions \nAdopting Zero Trust to Align with Cybersecurity Executive Order \nPresenters: Amanda Kane and Christine Owen (Guidehouse) \nRecent cybersecurity breaches are evidence of the need for contextual authentication and authorization to protect mission-critical technology components. Zero Trust Architecture (ZTA) meets this need by unifying security tools from multiple security domains to create an active security posture within a network’s perimeter. \nThe integration of strong identity and access management (IAM) principles is the underlying foundation that must be present for a well-built ZTA. Agencies are in different stages of migrating to ZTA-from researching to preparing their systems to remove the traditional perimeter. However\, agencies have found difficulty with procurement and deployment of the right tools due to a variety of issues\, including lack of funding\, reliance on legacy systems\, or even inability to properly staff migration projects. These setbacks are slowing the necessary preparation for emerging cyber threats and accruing technical debt in the process. \n  \nFedRAMP Strategic Initiatives \nPresenter:  Brian Conrad (GSA FedRAMP) \nFedRAMP has seen an incredible increase in the adoption of the program\, which is marked by both an increase in agency participation and reuse of authorizations. Brian Conrad\, FedRAMP’s Acting Director\, will highlight FedRAMP’s growth and the program’s FY21 focus on strategic initiatives – like automation and a threat-based authorization approach – to transform FedRAMP\, with a focus on continued partnerships with stakeholders.   In addition\, Brian will also touch on the high-level updates that were made to the draft Authorization Boundary Guidance which is currently open for public comment. \n  \nCybersecurity Maturity Model Certification (CMMC) Updates \nPresenter:  Stacy Bostjanick (Department of Defense) \nThe Department of Defense migrated to its new Cybersecurity Maturity Model Certification (CMMC) framework to assess and enhance the cybersecurity posture of the Defense Industrial Base. The CMMC will encompass multiple maturity levels that ranges from “Basic Cybersecurity Hygiene” to Advanced/Progressive”. The intent is to incorporate CMMC into Defense Federal Acquisition Regulation Supplement (DFARS) and use it as a requirement for contract award. Ms. Stacy Bostjanick of Under Secretary of Defense (OUSD) for Acquisition and Sustainment (A&S) will provide greater insights on CMMC and how it furthers secure the DoD Supply Chain. \n  \nRansomware in Healthcare \nPresenter:  Phil Boone (Guidehouse) \nData has shown ransomware attacks targeting healthcare organizations have skyrocketed amid the pandemic and will only increase due to a myriad of factors. Guidehouse has delivered cybersecurity solutions to federal agencies including CMS\, NIH\, and CDC to proactively mitigate risks that could be exploited to install ransomware. This session will provide examples of how healthcare organizations have implemented cybersecurity measures to decrease the likelihood of becoming a ransomware victim. \n  \nSecuring Healthcare Data in the Cloud \nPresenter:  Sarah Groves (Guidehouse) \nAs more and more healthcare organizations transition to the cloud\, attackers are finding it increasingly valuable to target and exploit Cloud Service Providers (CSPs) to access sensitive information\, such as Protected Health Information (PHI) . Organizations may think most of their security responsibility is transferred to the CSP once they have transitioned to the cloud\, but their work is just beginning.  This session will provide examples of how organizations can help prevent an attack and remain compliant once they have migrated their healthcare systems to the cloud and how Guidehouse has delivered solutions to clients that have helped defend them from cloud attacks. \n  \nPresenters \nAmanda Kane\nCybersecurity Director\, Guidehouse \nAmanda Kane leads the Identity and Access Management (IAM) offering within the Advanced Solutions Cybersecurity Solutions Team. Amanda works with clients so that the right people\, have the right access\, to the right resources\, for the right reasons. By taking an identity-centric approach\, Amanda works supports clients in establishing IAM strategies\, creating IAM solution roadmaps\, and implementing IAM technical solutions in the areas of: identity governance\, credentialing solutions\, privileged access management\, logical access control systems\, and physical access control systems. \n  \nChristine Owen\nCybersecurity Director\, Guidehouse \nChristine is a recovering attorney who found solace in identity and access management (IAM) consulting. She is interested in securing people\, things\, applications\, devices\, and the cloud using IAM principles. Christine is one of the leaders of the Identity and Access Management Team within the Cybersecurity Team at Guidehouse. She currently oversees and manages a substantial (20+) team comprised of multiple companies and contracts to provide enterprise IAM solutions to a large Federal agency. \n  \nBrian Conrad\nActing Director and Program Manager for Cybersecurity\, GSA FedRAMP \nBrian Conrad joined the FedRAMP team in December 2018\, bringing with him a wealth of technical knowledge and leadership experience. Prior to joining GSA\, Brian served for 21 years in the United States Marine Corps\, gaining experience in leadership\, telecommunications/IT\, government acquisition\, and project management. At GSA\, Brian leads efforts associated with formulating and facilitating FedRAMP’s overall strategic initiatives and future goals. Additionally\, Brian works hand-in-hand with government and industry\, developing an understanding of emerging technology and innovation. Finally\, in the short term\, Brian will be supporting Joint Authorization Board efforts by leading on-going assessment and authorization activities. Brian holds an M.S. in Information Technology Management from the U.S. Naval Postgraduate School\, a B.A. in History with a minor in Economics from the University of Memphis\, and various industry certifications. \n  \nStacy Bostjanick\nDirector of Cybersecurity Maturity Model Certification Policy\, DoD OUSD A&S \nStacy Bostjanick is currently serving as the OUSD A&S\, Director of Cybersecurity Maturity Model Certification (CMMC) Policy. In this role\, she is responsible for managing the initiation of the CMMC program and is responsible for establishing all Policy and Procedures regarding the CMMC. Previously\, she served as the DIA\, Head of Contracting Activity in which she was responsible for planning\, managing\, directing\, and accomplishing the total DIA procurement program. Ms. Bostjanick has also worked as a Senior Contracting Officer for the Missile Defense Agency on the Standard Missile 3 Block IA and IB development and production program. She was responsible for cradle-to-grave execution of over $5 billion of highly-complex\, cutting-edge contracts for our nation’s missile defense systems. \n  \nPhil Boone\nManaging Consultant\, Guidehouse \nPhil Boone is a Managing Consultant at Guidehouse and has more than twelve years of experience providing cybersecurity and risk management consulting services to Federal government\, healthcare\, and state and local government clients. His areas of expertise include security assessments\, technical assurance\, and security program development. Prior to joining Guidehouse\, Phil provided M&A cyber due diligence services to large health systems in the U.S. He holds a Bachelor of Science degree in Business Information Technology from the Virginia Polytechnic Institute and State University – Pamplin College of Business and is a Certified Information Systems Auditor (CISA). \n  \nSarah Groves\nAssociate Director\, Guidehouse \nSarah Groves is an Associate Director at Guidehouse with more than ten years of experience providing cybersecurity consulting services to both public and private sector clients. Her range of experience includes advising clients on cyber audit preparation and remediation\, cybersecurity strategy\, and cloud security. Ms. Groves has led and managed teams providing large-scale security control reviews and remediation advisory support. She holds her Masters in Information Management Systems from Harvard University Extension School and her Bachelors in Computer Information Systems from James Madison University. \n  \nAdditional Details \nVirtual Event Information \n\n This event will be presented through Zoom.  Each registrant will receive a personalized Zoom link by email prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing this event\, students will have a better understanding of the latest risks and current topics on hardening an organization’s IT security posture.\n Prerequisites:  None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group-Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-summer-seminar-hardening-it-security-posture/ LOCATION:Virtual Event ORGANIZER;CN="Jose Torres":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220615T083000 DTEND;TZID=America/New_York:20220615T163000 DTSTAMP:20221122T200805Z CREATED:20220515T192445Z LAST-MODIFIED:20221122T200805Z UID:29141-1655281800-1655310600@isaca-gwdc.org SUMMARY:2022 Annual Meeting DESCRIPTION:The ISACA® GWDC Annual Meeting is the Chapter’s premium event for the year. The AGM provides training and networking opportunities for all attendees and the opportunity for GWDC members to learn about the Chapter’s health\, achievements\, plans\, and other important matters. Presentations and panels focus on emerging technologies\, risk vectors\, mitigation strategies\, and governance trends. Topics are aimed equally at participants focused on the Government and Private sectors. All our sessions are designed to increase your understanding of current topics and hone your professional skills by learning directly from leading practitioner in their fields.  \nFor 2022\, we have a great program at a great venue since we are again at a point where in-person events are possible. For the convenience of all our members\, we will make the Chapter’s business session\, the Annual General Meeting (AGM) of the Membership\, available to them on-line.  \nIT advisory and audit professionals serving the Government and Private sectors\, particularly practitioners credentialed in technology risk management\, governance\, audit\, cloud\, architecture\, cybersecurity\, and privacy should attend this event. \nA networking social immediately follows the Annual Meeting at the same location.  No separate registration is required. \n  \nRegistration \nIn-Person Registration \nThe GWDC Annual Meeting is being held in-person this year.  Please use the link below to register for the full-day\, in-person conference. \nRegistration ended on June 14\, 2022 at 6PM. Participants can use the link below to access CPE Certificates\, feedback survey\, and presentations. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nOnline Registration for AGM Session \nWe’ve listened to feedback from membership who have expressed interest in attending the annual meeting but could not commit to an entire day for the conference. We are pleased to offer the business session of the meeting\, the Annual General Meeting (AGM) of the Membership\, free to all GWDC members on Zoom.  During this session\, the Chapter President will cover changes to GWDC Bylaws\, introduction of new GWDC Officers\, and presentation of the 2022 V. Lee Conyers Award. \nThe AGM Zoom will be held from 10:15 AM to 11:00 AM.  The Zoom is only available to GWDC members who cannot attend the conference.  The Zoom does not include the conference presentations. \nPlease note: Only one registration is required.  If you attend in-person\, you do not need to separately register for the AGM. \nRegistration has closed for this session. \n  \nLocation Information \nVenue \nThe Annual Meeting will be held at the: \nHyatt Regency Washington on Capitol Hill\nColumbia A&B\n400 New Jersey Avenue\nNW Washington D.C. 20001  \n  \nParking and Metro \nMetro:  The nearest Metro station is Union Station. \nParking: Parking is available at the hotel and in various adjacent parking garages. Street parking is very limited. \n  \nConference Details \nAgenda \n8:15 AM – 8:25 AM – Opening Remarks \n  \n8:30 AM – 9:20 AM – Session 1: Making Your Job Easier and Your Organization More Secure \nPresenter: Brian Barnier (CyberTheory Institute) \nIs cybersecurity a linear stable system or a complex dynamic and adversarial system? This session draws upon a century’s worth of proven and practical methods – much funded by the U.S. government – in war and peace. These methods come from critical\, systems\, and industrial strength/design disciplines. The same methods that have powered American innovation — railroad system\, telephone system\, automobile assembly lines\, WWI logistics\, aviation safety\, consumer electronics\, Covid logistics\, and kinetic warfare. Unlocking that “profound knowledge” will lead us to greater security with far less time and effort. \n  \n9:25 AM- 10:15 AM – Session 2: Fireside chat – Innovating in government with critical thinking\, systems thinking and design thinking \nPresenters: Brian Barnier (CyberTheory Institute) and Mark A. Forman (OMB) \nInnovation brings us products and experiences that delight and amaze us. In government\, wide ranging applications of critical\, systems and design thinking are innovating from military special forces to Education to FBI to DHS to FEMA to National Institutes of Health to NASA to Labor to Veterans Health Affairs to NIST to NTSB to CSB to EPA to Agriculture to CDC to CISA. Yet of the innovative thinking in so many agencies – including cyber security and warfare — why are agencies rarely successful in delivering such initiatives? What are the barriers and how can those barriers to removed or at least lowered? Join in our conversation to advance cybersecurity in government and improve your own career satisfaction and work-life balance. \n  \n10:15 AM – 11:00 AM – AGM Session: Annual General Meeting of the Chapter Membership \nPresenter: Alok Kakker\, ISACA Greater Washington D.C. Chapter President \nThe Chapter President will give an update on the chapter’s Strategy\, Goals\, Financials\, Membership and key milestones. Also\, the President will provide changes to GWDC Bylaws\, recognizing the current board of directors and an introduction of new GWDC Officers. In the end there will be a presentation of the Chapter Awards.  \n  \n11:05 AM – 11:55 AM – Session 3: K-12 Cybersecurity Overview \nPresenter: VJ Rao (Fairfax County Public Schools) \nUnderstanding the school system\, the data used and protected and Cybersecurity challenges and overview.  \n  \n12:00 PM – 1:00 PM – Lunch \n  \n1:00 PM – 1:50 PM – Session 4: The Power of Collaboration to Improve Safety and Productivity \nPresenter: Christopher A. Hart (Hart Solutions) \nMany potentially hazardous industries involve systems that consist of a complex array of coupled and interconnected subsystems that must work together effectively in order for the entire system to perform successfully. One of the major challenges in improving safety and reliability in such systems is that\, because the subsystems are coupled\, changes in any one subsystem can affect some or all of the other subsystems\, often in ways that are not linear or predictable\, which can generate unintended consequences. “System Think” refers to an awareness of the impacts throughout a complex dynamic system of changes in any of its subsystems. \nThe commercial aviation industry is using a voluntary government/industry collaborative approach known as CAST\, the Commercial Aviation Safety Team\, to accomplish System Think – bringing all of the key participants of the industry to the table together to work collaboratively to identify and address potential airline operational safety risks. \nThe CAST collaborative approach has been enormously successful. When the previously declining fatal accident rate had begun to “plateau” in the early 1990s\, at a rate that many safety experts thought could not be improved much\, CAST generated a reduction of more than 80% in the rate in less than 10 years. CAST outcomes were not only much more effective and efficient than regulations\, they were implemented much more rapidly\, with everyone in fundamental agreement\, and most significantly\, the focus was on improving safety rather than obtaining mere regulatory compliance. \nThe result was that the US airline industry suffered only one passenger fatality in nearly ten years. CAST also demonstrated that\, contrary to conventional wisdom that safety improvements usually hurt productivity\, safety improvements that result from a collaborative approach can simultaneously improve productivity and reduce cost. Improving productivity and reducing cost are important because safety improvements that hurt the bottom line are not generally sustainable. This presentation shows two commercial aviation examples of successful collaboration and one example of inadequate collaboration. \nAlthough one size may not fit all\, in theory the CAST success story should be transferable to help improve safety and reliability not only in other potentially hazardous industries\, but also in professional disciplines that target intentional wrongdoing\, such as cybersecurity. \n  \n1:50 PM – 2:10 PM – Break \n  \n2:10 PM – 3:00 PM – Session 5: Driving Innovation to Strengthen Oversight Capacity \nPresenter: Taka Ariga (GAO) \nAs technologies advance at a rapid pace\, it is paramount for the oversight community to understand key IT accountability challenges while also looking for ways to adapt new IT capabilities. The Innovation Lab at the Government Accountability Office is addressing this duality in a systematic and sustainable way that enable GAO to better serve evidence-based policy making. \n  \n3:05 PM – 3:55 PM – Session 6: NIST Security and Privacy Standards and Guidelines – 2022 Update \nPresenters: Victoria Yan Pillitteri (NIST) and  Cherilyn E. Pascoe (NIST) \nNIST continues to update and issue new key cybersecurity and privacy publications addressing risk management\, assessment\, systems security engineering and cyber resiliency. This presentation will provide a deep dive into recent NIST publication updates\, new and ongoing efforts such as the Cybersecurity Framework update\, the Artificial Intelligence Risk Management Framework\, as well as cover what’s ahead for NIST SP 800-53\, Security and Privacy Controls for Information Systems and Organizations. \n  \n4:00 PM – 4:15 PM – Closing Remarks \nNetworking mixer immediately follows the close of the Annual Meeting \n  \nPresenters \n\n \n\n\nBrian Barnier\nDecision Analyst and Co-Founder CyberTheory Institute \nBrian Barnier is head of decision science and analytics at ValueBridge Advisors\, co-founder of CyberTheory Institute\, and co-founder of Think.Design.Cyber. Brian pioneered life-like scenario analysis\, industrial-strength design thinking and organization transformation in cybersecurity and a leader in systems thinking and math in cyber\, authored 200+ cybersecurity articles\, and has received prestigious honors that include the 2021 Joseph J. Wasserman Award from ISACA NYM and the 2015 V. Lee Conyers Award from ISACA GWDC. He also participated in the creation of ISACA’s Risk IT and COBIT5. \nAt Nokia/Lucent Bell Labs & AT&T he led teams to 9 patents – 6 heavily used during COVID. At AT&T he led a groundbreaking internal security initiative to enable new product sales. At IBM he launched the first secure distributed messaging software\, created the “security as a process” solution team. \nBrian is the author of The Operational Risk Handbook(Harriman House\, Great Britain\, 2011)\, a contributor to Risk Management in Finance (Wiley\, 2009) and Risk and Performance Management: A Guide for Government Decision Makers (Wiley\, 2014). He teaches a graduate seminar in decision science and data analytics at City University of New York and is a guest cybersecurity lecturer. \n\n\n \n\n\nMark A. Forman\nExecutive Vice President\, Enterprise Optimization Dynamic Integrated Services LLC\, CVE verified Service-Disabled Veteran-Owned Small Business\nFormer Administrator\, Office of E-Government\, OMB\n \nMr. Forman leads the Enterprise Optimization Services practice\, working with U.S. federal government clients to improve their mission outcomes through innovations related to organizational and digital transformation approaches. He has been recognized for modernizing government and improving customer focus through his work spanning a variety of government and industry positions. His team addresses core agency performance challenges in defining modernization initiatives\, taking advantage of technologies to simplify business processes and turning data insights into actions that achieve better results. With certifications in Business Transformation\, Prosci Change Management\, and Objectives and Key Results (OKR) Coaching\, he and his team ensure solutions address holistic\, end-to-end organizational needs including IT\, process simplification\, change management\, human capital\, and strategy. \nMr. Forman has a long record of results in government management reforms\, spanning a variety of government and industry positions. Mark Forman is an accomplished Executive with more than 30 years of professional work experience\, including a Presidential appointment to be the first U.S. Administrator for E-Government and Information Technology\, the Federal Government’s Chief Information Officer As a government executive\, he managed and led more than 2000 people working on 25 large multi-agency Presidential initiatives relating interactions between the federal government and businesses\, federal and state governments\, federal government and individuals\, and shared services across agencies. As an industry executive\, he built and led teams of consultants and program delivery for governments around the world while working at IBM\, Unisys\, KPMG\, and SAIC. Mr. Forman excels at team building to define and achieve strategic programs and transformation initiatives. \nMr. Forman is a former fellow of the National Academy of Public Administration and CIO Sage. He is a member of the Industry Advisory Council’s Presidential Transition team. He has given well over 100 speeches on federal IT management\, E-Government\, business transformation and information technology to a wide variety of industry groups and government officials from around the world. Mr. Forman has testified before the U.S. Congress\, Australia Senate\, and several State Houses on information policy and management reform issues. He is a frequent guest on radio\, television\, and social media interviews related to government modernization\, and published numerous papers and articles on government reform. Mr. Forman is also served on the Social Security Administration Advisory Board IT Panel reviewing SSA Modernization and the NASA IT Advisory Board reviewing NASA IT governance. \n\n\n \n\n\nVJ Rao \nCISO\, Fairfax County Public Schools (FCPS) \nVJ Rao currently oversees information security for Fairfax County Public Schools. He also served as the Chief Information Security Officer for the 2016 and 2020 Presidential and Vice-Presidential Debates and has over 20 years of experience as a cybersecurity leader. \n  \n\n\n \n\n\nAlok Kakker\nCRISC\, CISA\, CDPSE\nISACA Greater Washington D.C. Chapter President\nCEO/President\, Annuk Inc. \nMr. Kakker leads a team of highly skilled and experienced SME’s across Cyber Security\, Technology Integration\, Risk Management\, Critical Infrastructure Security\, and Program management. Mr. Kakker has 22+ years of Governance\, Corporate Compliance\, Technology Risk Management\, Project Management and IT Implementations experience. Mr. Kakker is C-suite consultant and SME on PCI DSS\, COBIT\, ITIL and SSAE16 SOC engagements. In his capacity as current President and long-time Board of Directors member\, Mr. Kakker contributed to making ISACA GWDC the largest ISACA Chapter world-wide\, earning innovation and excellence awards\, and communicating the ISACA Values to the IT and audit communities in the Washington DC metropolitan region. \n\n\n \n\n\nChristopher A. Hart\nHart Solutions LLC\nFormer Chairman of the National Transportation Safety Board \nChristopher A. Hart is the founder of Hart Solutions LLP\, which specializes in improving safety in a variety of contexts\, including the safety of automation in motor vehicles\, workplace safety\, and process safety in potentially hazardous industries. \nMr. Hart is also Chairman of the Washington Metrorail Safety Commission\, a three-jurisdictional agency (MD\, VA\, DC) that was created in 2019 to oversee the safety of the Washington area subway system. In addition\, in 2019 he was asked by the Federal Aviation Administration to lead the Joint Authorities Technical Review that was created bring together the certification authorities of 10 countries\, as well as NASA\, to review the robustness of the FAA certification of the flight control systems of the Boeing 737 MAX and make recommendations as needed to improve the certification process. Also\, in 2021 he was asked to join the Board of the Joint Commission on Accreditation of Healthcare Organizations\, the non-government organization that accredits hospitals\, to help improve healthcare safety. He was also invited in 2021 to be on the FAA Management Advisory Council. After an Uber test vehicle struck and killed a pedestrian in Tempe\, AZ\, in 2018\, and Uber terminated such tests on public streets\, Mr. Hart was included in the team of experts that Uber engaged to recommend how to safely resume street testing\, which it has done. \nFrom 2009 until 2018 Mr. Hart was Chairman\, Vice Chairman\, and a Member of the National Transportation Safety Board (NTSB)\, having been nominated by President Obama and confirmed by the Senate. The NTSB investigates major transportation accidents in all modes of transportation\, determines the probable causes of the accidents\, and makes recommendations to prevent recurrences. He was previously a Member of the NTSB in 1990\, having been nominated by (the first) President Bush. \nMr. Hart has a law degree from Harvard Law School and a Master’s Degree and a Bachelor’s Degree (magna cum laude) in Aerospace Engineering from Princeton University. He is a member of the District of Columbia Bar and the Lawyer-Pilots Bar Association\, and he is a pilot with commercial\, multi-engine\, and instrument ratings as well as a Cessna Citation SIC Type Rating. \n\n\n \n\n\nTaka Ariga\nChief Data Scientist and Director of Innovation Lab\, U.S. Government Accountability Office \nTaka is the first Chief Data Scientist appointed by the Comptroller General of the United States for the Government Accountability Office. He also leads GAO’s Innovation Lab in driving problem-centric experiments across oversight\, insight\, and foresight work through data science and emerging technologies. As a member of the federal Senior Executive Service\, Taka is responsible for working with GAO stakeholders to adopt prospective views on impacts of emerging capabilities such as AI\, cloud computing\, blockchains\, RPA\, extended reality\, and IoT. \nTaka is a seasoned data science executive with over 22 years of experience helping private and public sector organizations make sense of hidden correlations\, behaviors\, relationships\, patterns\, and anomalies. He is passionate about fostering a data-informed culture\, using data science as a catalyst to address complex regulatory\, risk\, operational\, and business intelligence challenges. \nTaka is natively fluent in both Japanese and Mandarin Chinese. In his spare time\, he is also a serious classical chamber musician and a competitive tennis player. \n\n\n \n\n\nVictoria Yan Pillitteri\, CISSP\nSenior Computer Scientist\, National Institute of Standards and Technology \nVictoria Yan Pillitteri is a senior computer scientist in the Computer Security Division at the National Institute of Standards and Technology (NIST). Ms. Pillitteri is the team lead of the Federal Information Security Modernization Act (FISMA) Implementation Project. She supervises a team of technical research and administrative staff that are responsible for conducting the research and development of the suite of risk management guidance used for managing information security risk in the federal government\, and associated stakeholder outreach and public-private coordination/collaboration efforts. In addition to her role as supervisor\, she leads a research portfolio focused on security and privacy risk management\, and frequently hosts and speaks at conferences and workshops on these topics. \nMs. Pillitteri previously worked on the Cybersecurity Framework\, led the NIST Smart Grid and Cyber Physical Systems Cybersecurity Research Programs\, served on the board of directors of the Smart Grid Interoperability Panel\, served as Chair of the Federal Computer Security Managers’ Forum\, and completed a detail in the office of the NIST Director as an IT policy advisor. She has co-authored a number of NIST Special Publications (SPs) and Interagency Reports (IRs) on information security\, including SP 800-12\, 800-37\, 800-53\, 800-82\, 800-171\, 800-171A\, 800-171B\, 800-137A\, 1108 and IR 7628. \nVictoria holds a B.S. in Electrical Engineering from the University of Maryland\, a M.S in Computer Science\, with a concentration in Information Assurance\, from the George Washington University\, and is a Certified Information Systems Security Professional (CISSP). \n\n\n \n\n\nCherilyn E. Pascoe\nSenior Technology Policy Advisor\, NIST \nCherilyn Pascoe is Senior Technology Policy Advisor at the National Institute of Standards and Technology (NIST)\, U.S. Department of Commerce. She advises NIST leadership on technology policy and strategy\, including cybersecurity\, privacy\, and artificial intelligence. She also leads the NIST Cybersecurity Framework program and is active in the NIST AI Risk Management Framework development. Prior to joining NIST\, she served more than a decade in staff leadership roles on the U.S. Senate Committee on Commerce\, Science\, and Transportation working for former Senator Hutchison (R-TX)\, Senator Thune (R-SD)\, and current Ranking Member Wicker (R-MS). Most recently\, she served as Deputy Policy Director managing the Committee’s Space and Science Subcommittee\, which has legislative and oversight jurisdiction over science\, technology\, standards\, and civil space policy. During her time on the Hill\, she led efforts to develop and advance several notable pieces of legislation\, including the U.S. Innovation and Competition Act\, the AV Start Act\, as well as three surface transportation reauthorization laws and ten cybersecurity laws. Pascoe received her M.A. in International Science and Technology Policy from the George Washington University and her B.S. Chem. with Highest Honors in Chemistry from the University of Michigan. \n\nAdditional Details \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nPresentations \nAny presentations made available by the presenters will be emailed to the event participants.   \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing this conference\, students will have a better understanding of latest trends and current topics affecting IT audit\, assurance\, compliance\, security\, and risk management.\n Prerequisites:  None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Live\, in-person\n Field of Study:  Specialized Knowledge – Information Technology URL:https://isaca-gwdc.org/event/2022-annual-meeting/ LOCATION:Hyatt Regency Washington on Capitol Hill\, 400 New Jersey Avenue\, NW\, Washington\, DC\, 20001\, United States ORGANIZER;CN="Noel Nazario":MAILTO:SpecialEvents@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220610T093000 DTEND;TZID=America/New_York:20220610T163000 DTSTAMP:20221226T144822Z CREATED:20220515T151108Z LAST-MODIFIED:20221226T144822Z UID:29125-1654853400-1654878600@isaca-gwdc.org SUMMARY:Seminar - Introduction to Auditing with PowerShell® DESCRIPTION:Today’s auditors need data from a variety of sources and formats to execute their audits.  This data could be in basic files such as CSVs\, spreadsheets\, and documents.  Other data is located in applications\, such as Active Directory and Azure.  Auditors need tools to aide them in obtaining data from these and other sources and preparing them for analysis and work paper documentation.  Microsoft’s PowerShell is a platform that can be used to perform these and many\, many more tasks.  While PowerShell is designed to aide administrators in managing their Windows systems\, it has an extensive array of capabilities that auditors can use in their audits. \nThis one-day virtual class is designed for students who want to learn different ways that PowerShell can be used in performing audits.  Students will learn the basics of PowerShell\, including commands to import\, view\, summarize\, and export data.  Students will also be taught how PowerShell can be used to obtain data from Windows Event Logs\, Active Directory\, Azure Active Directory\, and other data sources.  There will be hands-on exercises as well to reinforce basic concepts and provide students with a good start in using the PowerShell platform. \nThis seminar is for IT Audit and Cybersecurity professionals or anyone else looking to incorporate PowerShell into their toolkits for accomplishing audits and projects. \nRegistration closed on June 8\, 2022 @ 5pm. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nCourse Details \nSeminar Outline \n\n Overview of PowerShell\n Basics of Using PowerShell Commands\n PowerShell Commands to Import\, Summarize\, View\, and Export Data\n Overview of Using PowerShell to Import Data from XML and Text Files\n Overview of Using PowerShell to Import Data from Windows Event Logs\n Overview of Using PowerShell to Import Data Word and Excel Files\n Overview of Using PowerShell to Import Data from Active Directory and Azure Active Directory\n Excercises for importing\, manipulating\, summarizing\, and exporting CSV files\n Resources and Recap\n\n  \nInstructor \n\n \n\n\nMike Howard\nCISA\, MBA \nMike Howard is an experienced IT auditor with over 27 years of IT auditing experience in the Federal Government. Mike is a technical auditor who has audited numerous technologies\, including mainframes\, Unix environments\, Active Directory\, databases\, Cisco devices\, and Windows computers. Mike embraces innovative technologies to accomplish his audits\, most notably using PowerShell to write custom scripts. Over the 10+ years that he has been using PowerShell\, he’s written over 300 PowerShell scripts. \nMike is also a member of the ISACA Greater Washington D.C. chapter and has served on the board for 16+ years\, most of the time as Internet/Communications Director. Mike is currently the Associate Director for Web Development\, where he manages the chapter’s website. Mike has also used PowerShell to accomplish tasks related to his Chapter duties\, including creating web pages\, calculating CPE credits\, and updating membership rosters. \nMike has a B.S. in Accounting from Old Dominion University and a Masters in Business Administration from George Mason University. \n\n  \nAdditional Details \nZoom Instructions \n\n Group Internet-Based. Zoom link delivered prior to the event.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n ISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nPresentations \nThe instructor will distribute all class materials \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 7 Continuing Professional Education (CPE)credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nLearning Objective \nAfter completing this seminar\, students will have skills to use PowerShell to import\, summarize\, and output data.  Students will also have an awareness of potential data sources that PowerShell can be used with. \n  \nCPE-Related Details \n\n Prerequisites:  Students should be familiar with using Windows and using CSV files\n Advance Preparation: Students should have access to a Windows computer where the PowerShell command line can be used.  User rights are all that’s necessary; administrative rights are not required.  Students will be provided exercise files in advance that should be downloaded to the computer.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet based\n Field of Study:  Specialized Knowledge – Information Technology URL:https://isaca-gwdc.org/event/2022-intro-to-auditing-with-powershell/ LOCATION:Virtual Event ORGANIZER;CN="Mike Howard":MAILTO:itadmin2@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220604T093000 DTEND;TZID=America/New_York:20220611T143000 DTSTAMP:20240911T150804Z CREATED:20220208T215338Z LAST-MODIFIED:20240911T150804Z UID:28850-1654335000-1654957800@isaca-gwdc.org SUMMARY:Certified in Emerging Technology (CET) - Cloud Fundamentals DESCRIPTION:The GWDC is sponsoring an intensive 2-day course for the Certified in Emerging Technology™ (CET)- Cloud Fundamentals Certificate.  The dates of this course are: June 4 and 11\, 2022 from 9:30 am to 2:30 PM Eastern.   \nThis course covers characteristics\, components\, deployment models\, risks\, and business drivers of cloud computing. Learners gain insight into the principles and concepts of cloud computing\, services models\, cloud governance\, and an overview of critical cloud service considerations. \nThe interactive\, self-guided format blends both knowledge and performance-based training components to provide a truly unique and dynamic learning experience that builds and reinforces the critical skills required to perform real-world technical tasks. \nIndividuals with little to zero years’ experience in cloud and those seeking to increase their knowledge and skills in Emerging Technology Topics should attend this event.  It’s also intended for anyone preparing for the CET Cloud fundamentals certificate exam. \nRegistration closed on June 1. Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nCourse Details \nAgenda \nModule 1 – Cloud Computing Models \n\n Cloud Components\n Cloud Service Implementation Considerations\n Cloud Deployment Models\n\nModule 2-Cloud Service Models \n\n Software as a Service\n Platform as a Service\n Solution Stacks\n Infrastructure as a Service\n\nModule 3-Cloud Governance \n\n Business Drivers to Cloud \n Risks Associated with cloud solutions\n Cloud Vendor Selection and Management\n Portability of Services\n\nModule 4-Cloud Service supports \n\n Distinguish between service implementation and support in the cloud\n Describe the testing and validation requirements for post-cloud implementation\n Articulate the special role that configuration management plays in cloud computing\n Identify resource management challenges with cloud computing implementations\n\n  \nCET Cloud Fundamentals Certificate Exam \nThe exam will be offered via Computer-Based Testing (CBT). \nRegistration for the exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CET Cloud Fundamentals Certificate and Exam Registration \n  \nExam Preparation \nFor students who wish to take the CET- Cloud fundamentals exam\, it is highly recommended that the prospective candidates should purchase the official study guide and labs here as the exam includes hands on elements. \n  \nInstructor \n\n \n\n\nSushila Nair\nVice President\, Security Portfolio @ NTT DATA Services\, NTT DATA\, Inc.\nCISSP CISM CRISC CISA \nSushila Nair specializes in cybersecurity\, risk\, and audit services. Sushila Nair is a former Member of the Board of Directors for the Greater Washington\, D.C. ISACA Chapter and has presented at CACS\, BrightTALK\, Seguruinfo and many other international events.  She has taught several review courses for the GWDC chapter and ISACA Global. \n\nAdditional Details \nVirtual Event Information \n\n Group Internet-Based. Zoom link delivered with registration.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n ISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\n  \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nCPE Information \nEarn up to 10 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nLearning Objectives \n\n Identify characteristics\, benefits\, deployments\, and components of cloud computing\n Evaluate cloud delivery models\, including SaaS\, PaaS\, and IaaS\n Define governance needs\, business drivers\, strategic value\, and risks associated with cloud computing\n Understand business model considerations for cloud computing\, including testing\, resource management\, data availability\, and business continuity\n\n  \nCPE-Related Details \n\n Prerequisites and Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet based\n Field of Study:  Information Technology – Technical\n\n  URL:https://isaca-gwdc.org/event/cet-cloud-2022-spring/ LOCATION:Virtual Event CATEGORIES:Review Courses ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220604T083000 DTEND;TZID=America/New_York:20220625T170000 DTSTAMP:20230213T211237Z CREATED:20220409T152252Z LAST-MODIFIED:20230213T211237Z UID:29008-1654331400-1656176400@isaca-gwdc.org SUMMARY:CISA Summer 2022 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 4-day review course for the Certified Information System Auditor® (CISA®) exam.  This review course will provide practical advice on preparing for the CISA exam and specific instruction regarding the job practice areas addressed by CISA as defined by ISACA® Global. The dates of this course are four (4) consecutive Saturdays: June 4\, 11\, 18 and 25\, 2022 from 8:30 am to 5 pm eastern. \nThis event is intended for anyone sitting for the CISA Exam. Students are expected to have prepared for the exam prior to attending the course. \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details.   \nRegistration closed on June 2\, 2022.  Participants can use the link below to access CPE Certificates and the feedback survey. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nPlease note\, registration for the CISA exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on the Certification and Exam Registration \n  \nCourse Details \nAgenda \nDay 1  \n\n Module 1 – The Process of Auditing Information Systems\n Module 2 – Governance and Management of IT\n\nDay 2 \n\n Module 3 – Information Systems Acquisition\, Development\, and Implementation\n\nDay 3  \n\n Module 4 – Information Systems Operations\, Maintenance\, and Support\n\nDay 4  \n\n Module 5 – Protection of Information Assets\n\n  \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CISA exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CISA Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CISA Review Manual and the CISA Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CISA Review Manual\n CISA Review Questions\, Answers & Explanations Manual\n CISA Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISA page as part of their study program.  \n  \nInstructor \n\n \n\n\nJim Wiggins\n \nJim has over 25 years direct experience in the design\, operations\, management\, and auditing of information technology systems\, with the past 20 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients. \nToday\, Jim is the founder and executive director of the Federal IT Security Institute (FITSI). FITSI is a 501c6 non-profit\, certification body accredited by the ANSI National Accreditation Board (ANAB) under ISO 17024. FITSI provides a role-based IT security certification program targeted at the federal workforce. \nJim is also the executive director of the FITSI Foundation. The FITSI Foundation is 501c3 public charity that runs the Wounded Warrior Cyber Combat Academy (W2CCA). \nAdditionally\, Jim provides education and training support for the National Risk Management Center (NRMC) at the Cybersecurity and Infrastructure Agency (CISA) inside of the Department of Homeland Security (DHS). \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. \nIn 2019\, FCW Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \nJim holds the following IA/IT security certifications: CISSP\,ISSEP\, CISM\, CISA\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M. \n\n  \nAdditional Details \nVirtual Event Information \nThe course will be held online using Zoom. An email with the Zoom link will be sent to registrants prior to the start of the course. \nPrior to the event\, registrants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The ISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 32 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CISA exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-cisa-summer-review/ LOCATION:Virtual Event ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220602T083000 DTEND;TZID=America/New_York:20220604T163000 DTSTAMP:20230213T211323Z CREATED:20220409T215108Z LAST-MODIFIED:20230213T211323Z UID:29015-1654158600-1654360200@isaca-gwdc.org SUMMARY:CISM Summer 2022 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day review course for the Certified Information Security Manager® (CISM) Exam. The CISM® review course will provide practical advice on preparing for the CISM exam and specific instruction regarding the job practice areas addressed by CISM as defined by ISACA® Global. The dates of this course are June 2 – 4\, 2022 from 8:30 am to 4:30 PM Eastern. \nThis event is intended for anyone sitting for the CISM Exam. Students are expected to have prepared for the exam prior to attending the course. \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the chapter event policy for discount details. \nRegistration closed on May 31. Participants can use the link below to access CPE Certificates\, feedback survey\, and presentations. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site \n  \nPlease note\, registration for the CISM exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on the Certification and Exam Registration \n  \nCourse Details \nAgenda \nDay 1  \n\n Module 1 – Information Security Governance\n Module 2 – Information Security Risk Management\n\nDay 2 \n\n Module 3 – Information Security Program\n Module 4 – Incident Management\n\nDay 3  \n\n Module 5 – Exam Preparation Strategies\n\n  \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CISM exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CISM Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CISM Review Manual and the CISM Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \n\n CISM Review Manual\n CISM Review Questions\, Answers & Explanations Manual\n CISM Review Questions\, Answers & Explanation Database – 12 month subscription\n\n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISM page as part of their study program.  \n  \nInstructor \n\n \n\n\nNoel Nazario \nNoel A. Nazario is a technology and business leader that brings a wealth of technical and leadership experience to help clients assess risk\, develop risk mitigation strategies\, envision and realize coherent technology environments\, improve Cybersecurity Program maturity\, establish Incident Response strategy\, and improve IT/OT integration with business strategy. His experience includes business development\, C-level training\, financial systems audit\, technology risk management\, cybersecurity programs and operations\, enterprise architecture\, IT operations and services integration\, cloud management\, and IT governance. Noel’s professional background enables him to work with leaders with diverse perspectives and backgrounds. \nNoel A. Nazario is a Certified Information Security Manager (CISM) and an ISACA Accredited trainer. Noel was the recipient of the GWDC’s 2018 V. Lee Conyers Award. He participates in multiple industry groups and is a frequent conference host and speaker. Noel started his technology career as an Electronics Engineer for the National Institute of Standards and Technology (NIST) Computer Security Division. He transitioned to the private sector to work for KPMG\, EY\, and Grant Thornton in roles that ranged from Senior Associate to Senior Manager and Director. He later started a consulting firm and is now a Senior Director at Annuk Inc\, where he leads the IT Architecture Review Board for the Washington Metropolitan Area Transit Authority and supports other clients. \n\nAdditional Details \nVirtual Event Information \nThe course will be held online using Zoom. An email with the Zoom link will be sent to registrants prior to the start of the course. \nPrior to the event\, registrants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits. \nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits. The ISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 24 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details \n\n Learning Objective: After completing the course\, students will be prepared to sit for the CISM exam.\n Prerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-cism-summer-review/ LOCATION:Virtual Event ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220512T170000 DTEND;TZID=America/New_York:20220512T190000 DTSTAMP:20220503T092724Z CREATED:20220408T002956Z LAST-MODIFIED:20220503T092724Z UID:28991-1652374800-1652382000@isaca-gwdc.org SUMMARY:Post-Event Networking Mixer for the GWDC and CSA-DC Joint Conference DESCRIPTION:The ISACA GWDC and the DC Chapter of the Cloud Security Alliance are hosting a post-event networking mixer immediately following the conference on Security and Compliance in a Cloud-Connected Enterprise.   \nAnyone can attend the networking mixer.  There is a capacity limit of 120 attendees\, so register early. \nPlease register for the mixer by May 10\, 2022.  A separate registration is needed for the conference. \nRegister today! \n  \nEvent Details \nLocation Details \nVenue Location\nMarymount University\, Ballston Campus\n2nd Floor Conference Center\n1000 N. Glebe Road\, Arlington\, VA 22201\n(Corner of Fairfax Drive and Glebe Rd.)\n  \nParking and Metro \nThere is parking on Wakefield Street in the back of the Ballston Campus building. Attendees must take a ticket and pay on exit. \nThe nearest Metro station is Ballston-MU. Exit the station through the “Ballston Station” exit and walk approximately 4 blocks west to the Campus building. \n  \nEvent Questions \nIf you have any questions about this event\, please contact the event organizer\, Adnan Sijercic. \n  \nCancellation Policy \nCancellation for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. URL:https://isaca-gwdc.org/event/2022-post-event-networking-mixer/ LOCATION:Marymount University\, 1000 N Glebe Rd\, Arlington\, VA\, 22203\, United States ORGANIZER;CN="Adnan Sijercic":MAILTO:outreach@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220512T130000 DTEND;TZID=America/New_York:20220512T170000 DTSTAMP:20220611T193945Z CREATED:20220312T145943Z LAST-MODIFIED:20220611T193945Z UID:28945-1652360400-1652374800@isaca-gwdc.org SUMMARY:GWDC and CSA-DC Joint Event: Security and Compliance in a Cloud-Connected Enterprise DESCRIPTION:  \nPlease Note:  If you came to this page looking for the 2022 Annual Meeting\, please vist https://isaca-gwdc.org/event/2022-annual-meeting/. \n  \nThe ISACA GWDC and the DC Chapter of the Cloud Security Alliance are hosting a conference on Security and Compliance in a Cloud-Connected Enterprise.  Organizations need to modernize their technology investments to move at the speed of business.  As such\, new cloud-based applications are being both developed and integrated into heavily regulated environments.  This mix of on-premise infrastructure which is wholly owned by the enterprise coupled with cloud-based applications presents unique security and compliance challenges that need to be addressed head on.  Come to this joint ISACA-GWDC & CSA-DC event to learn from thought leaders in cloud security and auditing around best practices to architect and deliver security and compliance in your cloud-connected enterprise.  \nA networking mixer will be held immediately after the conference.  A separate registration is needed to attend the mixer.  \nPlease register by May 10\, 2022. \nRegister today! \n Event Details \nHybrid Event \nThis event will be held in-person and online (Zoom). \nThere is a capacity limit of 120 registrants for in-person attendance\, so register early! \n  \nPricing \nThe cost this event (both in-person and online (Zoom)):  \n●  ISACA GWDC and CSA DC Members: $65 \n●  Non-members: $105 \n  \nIn-Person Location Details \nVenue Location\nMarymount University\, Ballston Campus\n2nd Floor Conference Center\n1000 N. Glebe Road\, Arlington\, VA 22201\n(Corner of Fairfax Drive and Glebe Rd.)\n  \nParking and Metro \nThere is parking on Wakefield Street in the back of the Ballston Campus building. Attendees must take a ticket and pay on exit. \nThe nearest Metro station is Ballston-MU. Exit the station through the “Ballston Station” exit and walk approximately 4 blocks west to the Campus building. \n  \nCheck-in \nRegistrants will be able to check-in 30 minutes before the event. \n  \nOnline (Zoom) Details \nThe Zoom link will be included in the registration confirmation email and in the event reminder that is sent the day of the event.  \n  \nCPE \nCPE’s for all attendees will be self-certified. No certificates will be distributed. \n Topics and Presenters \nWho Should Attend \nDetails will be posted soon. \n  \nLearning Objectives \nDetails will be posted soon. \n  \nAgenda \n\n\n\nTime\nTopic\nModerator/Speaker\n\n\n1:00 – 1:15\nWelcome & Introductions\n \n\n\n1:15 – 2:00\nCIO/CxO Keynote Speaker\nTravis Howerton \nCo-Founder and Chief Technology Officer (CTO)\, RegScale \nFormer Global Director of Digital Transformation\, Bechtel Corporation \nFormer Deputy Director for IT\, Oak Ridge National Laboratory \nFormer Chief Technology Officer\, National Nuclear Security Administration\n\n\n2:00 – 2:45\nPanel: Digital Transformation Challenges and Best Practices\n\nModerator\nAnil Karmel\, Co-Founder and CEO at RegScale\nPanelists\nBob Gourley\, OODA LLC\nSaif Rahman\, Quzara\n\n\n\n2:45 – 3:00\nCoffee Break\n \n\n\n3:00 – 3:50\nPanel: Cloud Security in a Zero Trust World\n\nModerator\nDr. Mari Spina\, Principal Cybersecurity Engineer/Cloud Security Capability Leader\, MITRE\nPanelists\nBrian McKenney\, MITRE\nPaul Deakin\, F5\nJyoti Wadhwa\, T-Rex Solutions\n\n\n\n3:50 – 4:45 \nPanel: Cloud Compliance and Auditing – Where do I Start?\nModerator/Speaker\nDr. Mari Spina\, Principal Cybersecurity Engineer/Cloud Security Capability Leader\, MITRE\nPanelists\nTravis Howerton\, RegScale\nAaron Lippold\, MITRE\nGreg Elin\, GovReady\n\n\n4:45 – 5:00\nEvent Wrap Up\n \n\n\n5:00 – 6:00\n\nNetworking Happy Hour \n\nSeparate registration required – visit networking mixer page for additional details\n\n\n\n  \nPresenters \n \n Travis Howerton\nCo-Founder and Chief Technology Officer (CTO)\, RegScale \nFormer Global Director of Digital Transformation\, Bechtel Corporation \nFormer Deputy Director for IT\, Oak Ridge National Laboratory \nFormer Chief Technology Officer\, National Nuclear Security Administration\n\nAs co-founder and chief technology officer of RegScale\, Travis Howerton is responsible for product development and R&D for our continuous compliance automation platform. RegScale is focused on eliminating paper and helping organizations achieve an always audit ready posture with real-time risk and compliance management. Prior to joining RegScale\, Howerton served as the global director for strategic programs within Bechtel Corporation and was the Bechtel lead for the merger\, cost savings and transformation programs at Consolidated Nuclear Security. Prior to joining Bechtel\, Howerton had a long and diverse career consisting of senior executive assignments throughout the U.S. Department of Energy. He served as the Deputy Director for the IT Services Division at Oak Ridge National Laboratory\, Chief Technology Officer for the National Nuclear Security Administration and as Chief Information Officer for Y-12. Howerton holds a Bachelor’s Degree in Organizational Management from Tusculum College and a Master’s Degree in Computer Information Systems from Boston University. He holds multiple certifications\, including the CISSP\, ITIL\, PMP\, Scrum Master\, Harvard Credential of Readiness and AWS Certified Developer. He is an accomplished public speaker\, has authored or been cited in over 50 publications and supports multiple non-profit associations and educational institutions by serving as a board member. \n \n Anil Karmel\nCo-Founder and CEO of RegScale\nPresident of the Cloud Security Alliance’s Washington DC Metro Area Chapter (CSA-DC)\nAnil Karmel is the Co-Founder and CEO of RegScale\, which delivers freedom from (digital) paper by helping organizations shift both security and compliance left via our RegScale continuous compliance automation platform. Formerly\, Anil served as the National Nuclear Security Administration (NNSA) Deputy Chief Technology Officer. \nKarmel has been in the IT Industry for over twenty years\, working with Fortune 500 companies and governments at the intersection of cloud\, cyber security\, and compliance. He and his team garnered industry and government accolades\, including the SANS National Cyber Security Innovators Award for Cloud Security\, InformationWeek 500 Top Government IT Innovators\, ACT/IAC Excellence.gov Award and the DOE Secretary’s Achievement Award. \nAnil currently serves as the President of the Cloud Security Alliance’s Washington DC Metro Area Chapter (CSA-DC) and as a member of the CSA’s CxO Trust Advisory Council. Karmel is a nationally recognized speaker and has been featured at numerous IT conferences and webinars. \n \n Bob Gourley\nCTO & Co-Founder at OODA LLC\nBob Gourley is an experienced enterprise CTO with extensive past performance in optimizing technology in support of global businesses. As CTO of OODA he leads engagements focused on improving the security and functionality of enterprise IT.  He also advises clients on technology due diligence and leads the technology research and reporting activities at OODAloop.com  Bob is the former CTO for the Defense Intelligence Agency. He has received the Infoworld top CTO award and was named one of the top 100 “Tech Titans” in DC by Washingtonian magazine.  \n \n Saif Rahman\nLeader – Cloud Security\, Application Security Risk at Quzara\nSaif is the co-founder of Quzara and has been involved in various aspects of cloud security and security operations centers throughout most of his career. Saif has been working very closely with Microsoft over the past decade on various initiatives such as FedRAMP readiness\, leading the CMMC acceleration program\, and other major clients for cybersecurity services. \n \n Dr. Mari Spina\, PMP\, CISSP-ISSEP-CCSP\nPrincipal Cybersecurity Engineer/Cloud Security Capability Leader at MITRE\nDr. Spina joined MITRE in 2014 and has been supporting a multitude of MITRE Federal sponsors including DHS\, DoD and the IC in the area of Cloud Security. At MITRE\, she is a Principle Cybersecurity Engineer\, leads the Cloud Security Capability Area\, and teaches Cloud Security for the MITRE Institute.  She has also taught many Information Technology courses for the George Washington University schools of engineering and business. Before joining MITRE\, she worked for government engineering firms including Hughes Aircraft\, SAIC\, ManTech\, NJVC\, and DMI since 1988 where she provided IT systems engineering to a variety of Federal agency missions including those of the Intelligence Community and the DoD. Mari holds a D.Sc. in Engineering Management from the George Washington University\, a MSEE from the University of Southern California\, and a BSME from California State University Northridge. She is also PMI PMP and ISC2 CISSP\, ISSEP\, CCSP certified. \n \n Brian McKenney\nSenior Principal Cybersecurity Architect at MITRE\nBrian McKenney is a Senior Principal Cybersecurity Architect in MITRE Labs’ Cyber Solutions Innovation Center. As Enterprise Security Architecture Capability Area Lead\, he provides consulting on the integration of cybersecurity (including zero trust) capabilities within evolving enterprise\, cloud\, and network security architectures.  Brian is co-author of Zero Trust Architectures: Are We There Yet? \n \n Paul Deakin\nPrincipal Solutions Engineer at F5 Government Solutions\nPaul Deakin is a Principal Solutions Engineer currently working with the DoD group primarily with USAF at F5\, a company focused on delivering industry-leading solutions for application delivery analytics and security. He has twenty years of experience in the technology industry\, with nine years in the security environment\, including leadership roles in directing large-scale projects;  and implementation of software/hardware in complex environments; exposure to a wide variety of businesses including insurance\, manufacturing\, government\, aerospace\, financial\, and healthcare. He holds a master’s degree in computer science and is an F5 Certified Solution Expert in security and Cloud. \n \n Jyoti Wadhwa\, MBA\, CISSP\, HCISPP\, ICP\, CCP\nDirector\, Solutions Architect Cybersecurity at T-Rex Solutions\, LLC\nJyoti is a cyber and digital leader with over 20 years of experience in public and private sectors.  Her strategic perspective and operational experience help teams advance their security initiatives in their modernization journeys.  Partnering with C-suite\, security and compliance teams as the Director of Cybersecurity Solutions Architect\, T-Rex Solutions\, she helps enterprises develop agile\, cloud security strategies that address the needs of today’s hybrid environments.  Her focus is on progressing industry’s adoption of modern cyber requirements including DevSecOps\, Active Cyber Defense\, Cyber Resilience and Zero Trust roadmaps.  As a trusted cyber adviser\, she contributes to industry programs\, such as being a lead author on Zero Trust with the Cloud Security Alliance Research Committee (DC) to uplift knowledge and collaboration in these emerging areas. Jyoti’s broad spectrum of cyber practices and passion for technology stems from prior roles such as\, Cyber and Digital Leader\, Booz Allen\, VP of Technology Marketing\, Trivalent (data protection)\, VP of Technology Marketing\, Arxan Technologies (application protection)\, Director\, Secure Software (application security)\, senior positions at Nortel\, SAP (Plateau Systems)\, and Zayo (AboveNet). \nJyoti is a passionate advocate of women in tech with contributions to associations such as Women in Tech\, mentoring Girls in Tech technology\, a EWF Lift mentor and member of Women’s Society of Cyberjitsu\, ISC 2 northern VA chapter. Jyoti is CISSP\, HCISPP ICP and AWS CCP certified\, holds a Bachelor’s of Commerce from the University of Calgary and a Masters’ of Business Administration in Information Systems from the University of British Columbia. \n Additional Details \nEvent Questions \nIf you have any questions about this event\, please contact the event organizer\, Adnan Sijercic. \n  \nPresentations \nAny presentations made available by the presenters will be emailed to the event participants.   \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. URL:https://isaca-gwdc.org/event/2022-security-cloud-enterprise/ LOCATION:Marymount University\, 1000 N Glebe Rd\, Arlington\, VA\, 22203\, United States ORGANIZER;CN="Adnan Sijercic":MAILTO:outreach@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220423T090000 DTEND;TZID=America/New_York:20220507T170000 DTSTAMP:20220214T114452Z CREATED:20220213T181143Z LAST-MODIFIED:20220214T114452Z UID:28890-1650704400-1651942800@isaca-gwdc.org SUMMARY:CRISC Spring 2022 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day review course for the Certified in Risk and Information Systems Controls™ (CRISC®).  This review course will provide practical advice on preparing for the CRISC exam and specific instruction regarding the job practice areas addressed by CRISC as defined by ISACA® Global. The dates of this course are three (3) consecutive Saturdays: April 23  and 30\, May  7th from 9 am to 5 pm eastern. \nPlease register by April 20\, 2022. \nRegister today! \n  \nWho Should Attend? \nThis event is intended for anyone sitting for the CRISC Exam. Students are expected to have prepared for the exam prior to attending the course. \n  \nCRISC Exam Information \nThe CRISC exam will be offered via Computer-Based Testing (CBT). \nRegistration for the CRISC exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on the Certification and Exam Registration \n  \nRe-take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the full policy for discount details. \n»  Discount Details \n COURSE DETAILS AND PREPARATION \n Agenda \nDay 1 \nIntroduction \nIT Risk Identification (Domain 1) \nDay 2 \nIT Risk Assessment (Domain 2) \nRisk Response and Mitigation (Domain 3) \nDay 3 \nRisk and Control Monitoring and Reporting (Domain 4) \nPractice Tests \n  \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CRISC exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CRISC Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CRISC Review Manual and the CRISC Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \nCRISC Review Manual \nCRISC Review Questions\, Answers & Explanations Manual \nCRISC Review Questions\, Answers & Explanation Database – 12 month subscription \n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CRISC page as part of their study program.  \n Meet the Instructor \n \n Jim Wiggins\n\nCISSP-ISSEP\, CISM\, CISA\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M \nJim has over 23 years direct experience in the design\, operation\, management\, and auditing of information technology systems\, with the past 18 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients.  \nJim is the founder and executive director of the Federal IT Security Institute (FITSI). FITSI is a 501(c)6\, non-profit organization that provides a role-based IT security certification program targeted at the federal workforce. Jim is also the executive director of the FITSI Foundation\, which is a 501(c)3 public charity that runs the Wounded Warrior Cyber Combat Academy (W2CCA). \nCurrently\, as a contractor\, Jim provides education and training support for the Federal Network Resilience Division at DHS and its Continuous Diagnostics and Mitigation program. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. In 2019\, Federal Computer Week (FCW) Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \n Additional Details \nSpecific Instructions: \n\nGroup Internet-Based. Zoom link delivered prior to the start of the course.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. \n CPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\nPrerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet based\nField of Study:  Information Technology – Technical\n\n  URL:https://isaca-gwdc.org/event/crisc-2022-spring-review/ LOCATION:Virtual Event ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220420T083000 DTEND;TZID=America/New_York:20220421T163000 DTSTAMP:20220401T184344Z CREATED:20220326T155721Z LAST-MODIFIED:20220401T184344Z UID:28975-1650443400-1650558600@isaca-gwdc.org SUMMARY:Seminar - Proactive Security Control Implementation and Vulnerability Mitigation DESCRIPTION:Cyber threat awareness and vulnerability mitigation are key foundations of proactive risk resilience. This Special Seminar will educate participants on approaches to threat awareness and vulnerability mitigation that leverage NIST and FedRAMP guidance and are directly applicable to CMMC requirements. Participants will learn proven approaches to threat awareness and vulnerability mitigation\, participate in exercises applying Federal guidance to an actual system\, and engage in facilitated group discussions.  \nPractical experience with FISMA\, NIST\, FedRAMP\, and cybersecurity in general are beneficial\, but not required. \nPlease register by April 18\, 2022. \nRegister today! \n  \nLearning Objective \nThis course consists of short lectures\, small group discussions and hands on exercises. The learner will engage in real world scenario for threat awareness and mitigation techniques. \n  \nWho Should Attend? \nIT Audit and Cybersecurity professionals looking to strengthen their knowledge of cybersecurity controls\, proactive control implementation techniques\, and development of vulnerability mitigation strategies. Particularly well suited to professionals with cybersecurity controls implementation and Federal RMF/CMMC compliance responsibilities. \n  \nCPE  \nUp to 14 hours of Continuing Professional Education (CPE) credit can be earned for this event.  See the CPE Information section below for additional information. \n  \nAgenda: \nDay 1 \n\nProblem Statements\, An Introduction to Proactive Cyber Risk Management\nVulnerability Mitigation vs Management \nThreat Hunting in Digital and Physical Environments\nProactive use of the NIST Risk Management Framework (RMF)\n\nDay 2 \n\nApplication of Security Controls to an Actual System\nFedRAMP and Cloud Security\nSecure Code Automation\n\n Meet the Instructor \n \n Dr. Babur Kohy \nDr. Kohy is a results-oriented cybersecurity thought leader with hands on experience in multiple cybersecurity domains. He leads security teams across technology domains that include emerging technologies and agile workforce. His Doctor of Cybersecurity Degree research focused on Resolving Dark Web Identities. He regularly lectures and advocates for cybersecurity awareness and education. \nDr. Kohy is the Founder and CEO of CyTalks\, an advanced security and technology research organization. \n Additional Details \nSpecific Instructions: \n\nGroup Internet-Based. Zoom link delivered prior to the event.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nPresentations: \nThe instructor will distribute all class materials \n  \nSponsor this Event: \nIf your organization is interested in being an event sponsor\, visit the Chapter Sponsorship page and review the prospectus of sponsorship opportunities.  The page also provides instructions on becoming an event or annual sponsor.   \n  \nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n CPE Information \nEarn up to 14 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Intermediate\nDelivery Method:  Group Internet based\nField of Study:  Specialized Knowledge – Information Technology\n\nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. URL:https://isaca-gwdc.org/event/2022-proactive-security-control/ LOCATION:Virtual Event ORGANIZER;CN="Noel Nazario":MAILTO:SpecialEvents@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220414T144500 DTEND;TZID=America/New_York:20220414T170000 DTSTAMP:20230201T025735Z CREATED:20220312T143738Z LAST-MODIFIED:20230201T025735Z UID:28936-1649947500-1649955600@isaca-gwdc.org SUMMARY:2022 Annual FISMA and Risk Management Framework Panel Discussion (Free Event) DESCRIPTION:The 2022 Annual FISMA Conference provides a useful update to IT Auditors on the current landscape of efforts to comply with the Federal Information Security Modernization Act of 2014 (FISMA). Come hear perspectives from senior federal executives from the Office of the National Cyber Director\, Office of Management and Budget\, Department of Health and Human Services Office of Inspector General\, and Department of State who play key roles in FISMA compliance efforts. During this session\, we will learn about recent changes to the FISMA metrics and the opportunities and challenges agencies face in complying with FISMA. \nThere are a number of expensive training courses out there – online and classroom – that cover cybersecurity\, cloud computing\, and privacy\, to mention a few. Do not overpay! ISACA GWDC is excited to continue to offer our great lineup of speakers and topics related to the Public and Private sector communities at always-reasonable prices. \nIT advisory or audit professional that serves or supports the Public Sector should attend this event. \nRegistration closed on April 12\, 2022. Participants can use the link below to access CPE Certificates\, feedback survey\, and presentations. Instructions on how to access these resources are located on the Access Your CPE Certificate page. \nView Registration Site! \n  \nEvent Sponsor \nThe ISACA Greater Washington D.C. Chapter is proud to have Cotton & Company as the sponsor and host for this annual event.  Cotton is a gold sponsor of the chapter this year and a long-time supporter of the GWDC. \n \n  \nModerator \n\n \n\n\nVijay A. D’Souza\nPartner\, Cotton & Company\, LLP \nCISSP\, CCISO\, CEH \nVijay A. D’Souza\, CISSP\, CCISO\, CEH\, is a partner with Cotton & Company specializing in cybersecurity assurance efforts. Previously\, Mr. D’Souza spent 20 years with the U.S. Government Accountability Office (GAO)\, where he led a diverse set of audits and reviews of government cybersecurity and information technology issues. His recent work included efforts related to ransomware\, DOD cybersecurity\, the SolarWinds breach\, use of the National Institute of Standards and Technology Cybersecurity Framework\, and IT modernization efforts at the U.S. Department of Agriculture (USDA). He has testified before Congress several times and appeared in national and local media as an expert in cybersecurity issues.  \nMr. D’Souza also led GAO’s Center for Enhanced Cybersecurity\, which provides advanced technical support for GAO’s cybersecurity audits. He previously led GAO’s data analytics activities\, as well as served as a Director in GAO’s Health Care Team. \nMr. D’Souza has an MBA from the University of California Berkeley and a BS in Engineering from the University of Maryland College Park. \n\n  \nPanelists \n\n \n\n\nLarry E. Crosland\nAssistant Director\, Information and Cybersecurity Team Government Accountability Office (GAO) \nLarry E. Crosland is an Assistant Director in the Information Technology and Cybersecurity Team at GAO where he has led cybersecurity-related studies and audits of the federal government. He has 20 years of experience auditing information systems. Prior to joining GAO in 2001\, Mr. Crosland held positions in the private sector and was a member of the U.S. Army. He is a certified information systems security professional and a certified information systems auditor. He holds a Bachelor’s degree in computer science from Francis Marion University.  \n\n  \n\n \n\n\nIrvin McMasters\nAssistant Director\, Cybersecurity and Information Technology Audit Division\, Department of Health and Human Services / Office of Inspector General (HHS/OIG)\nCISA\, CPA \nIrvin McMasters is a Cybersecurity and Information Technology Audit Division (CITAD) Assistant Director at the Department of Health and Human Services (HHS)\, Office of Inspector General (OIG). One of OIG’s top management challenges is “Harnessing Data to Improve Health and Well-Being of Individuals”\, which includes protecting data and systems from misuse.  CITAD is addressing this challenge by utilizing a risk-based approach that considers FISMA results when planning and conducting audits of HHS’s 12 operating divisions.  CITAD has completed impactful audits of agency-wide contingency planning\, incident response controls to ensure cybersecurity\, while also conducting penetration testing (i.e.\, ground truth testing) at several HHS and State agencies.  Irvin is a Certified Information Systems Auditor and a Certified Public Accountant. \n\n\n \n\n\nLisa N. Barr\nDirector of Federal Cybersecurity\, Office of the National Cyber Director \nLisa Barr has over 18 years’ experience in the public and private sector leading and directing projects in Cybersecurity\, IT Strategic Planning\, IT Program Management\, and Risk Management. As a detailee to the Office of National Cyber Director\, Lisa serves as the Director Federal Cybersecurity. Here she leads federal cybersecurity efforts on behalf of the Deputy National Cyber Director and the Federal CISO. Within these 18 years\, she has 12 years within the Department of Homeland Security and the Cybersecurity and Infrastructure Security Agency (CISA). She has held various trusted leadership roles covering cybersecurity policy\, supply chain cybersecurity\, federal cybersecurity governance\, and critical infrastructure resilience. Lisa also served a one-year rotational assignment to the OMB Office of the Federal CIO as a Senior Advisor and program lead for the Federal Acquisition Security Council. Within CISA\, Lisa led federal cybersecurity governance efforts in support of the Continuous Diagnostics & Mitigation (CDM) program\, as well as in broader federal cybersecurity risk management. Previous to her federal service\, Lisa spent several years in the private sector focusing on IT and cyber strategic planning and program management. \nLisa holds a Bachelor’s Degree in English\, a Master’s degree in National Security and Resource Strategy; has received an Executive Chief Information Security Officer certification through Carnegie Mellon; and is a Certified Information Security Manager. \n\n  \nVirtual Meeting Information \n\n This event will be presented through Zoom.\n Prior to the event\, participants must install the Zoom app on their respective devices or use the web-based Zoom. Calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n The ISACA Greater Washington\, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.\n\n  \nEvent Questions and Policies \nRegistration Questions \nIf you have any registration questions about this event\, please contact the chapter using the Registration Contact Form. \nIf you have CPE questions after the event has concluded\, please contact the chapter using the CPE Contact Form. \n  \nCancellation and Refund Policy \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form. \n  \nCPE Information \nEarn up to 2 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit. \n  \nLearning Objective \nAfter attending this event\, attendees will learn about recent changes to the FISMA metrics and the opportunities and challenges agencies face in complying with FISMA. \n  \nCPE-Related Details \n\n Prerequisites: None\n Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet Based\n Field of Study:  Information Technology – Technical URL:https://isaca-gwdc.org/event/2022-fisma-rmf-panel/ LOCATION:Virtual Event ORGANIZER;CN="Jose Torres":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220402T083000 DTEND;TZID=America/New_York:20220423T163000 DTSTAMP:20220403T142301Z CREATED:20220208T215210Z LAST-MODIFIED:20220403T142301Z UID:28855-1648888200-1650731400@isaca-gwdc.org SUMMARY:Information Technology Certified Associate™ (ITCA™) - Cybersecurity Fundamentals DESCRIPTION:The GWDC is sponsoring an intensive 4-day course for the Information Technology Certified Associate™ (ITCA™) – Cybersecurity Fundamentals Certificate.  The dates of this course are: April 2\, 9\, 16 and 23\, 2022 from 8:30 am to 4:30 PM Eastern.  Please register by March 30! \nRegister today! \n  \nThis course introduces learners to cybersecurity\, a growing and rapidly changing field that is becoming increasingly vital to business survival\, job stability\, and national security. Cybersecurity demands skilled professionals who possess the knowledge\, skills\, and ability to address the evolving threat landscape. \nLearners gain insight into the principles of data and technologies that frame and define cybersecurity and the integral role of cybersecurity professionals in protecting enterprise data and infrastructure. \n  \nWho Should Attend? \nIndividuals with little to zero years’ experience in IT\, individuals seeking to pursue or switch to a career in IT\, or individuals seeking to increase their knowledge and skills in their current IT related position. It’s also intended for anyone preparing for the ITCA Cybersecurity Fundamentals certificate exam. \n ITCA Cybersecurity Fundamentals Certificate Exam Information \n ITCA Cybersecurity Fundamentals Certificate Exam \nThe exam will be offered via Computer-Based Testing (CBT). \nRegistration for the exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CET Cloud Fundamentals Certificate and Exam Registration \n  \nExam Preparation \nCandidates looking to prepare for the Network and Cybersecurity Fundamentals Certificate Exam should purchase the official study guide and labs here as the exam includes hands on elements. \n Course Objectives and Outline \n Learning Outcomes \nAt the completion of this course learners will be able to: \n\nExplain key concepts and components of cybersecurity\nIdentify the key components of cybersecurity network architecture\nDescribe risk management processes and practices\nIdentify security tools\, threats and vulnerabilities\nDescribe different classes of attacks\nDescribe new and emerging technologies\nAnalyze threats and risks\nAppraise cybersecurity incidents\n\nCourse Outline \nModule 1 Cybersecurity Fundamentals \n\nIdentify the need for cybersecurity.\nExplain cybersecurity concepts.\nIdentify the need for cybersecurity professionals.\nIdentify the main components of telecommunications technologies. \nDifferentiate between types of security.\n\nModule 2 Cybersecurity and Privacy \n\nIdentify the differences between information technology systems and specialized systems. \nDiscuss enterprise cybersecurity roles and responsibilities. \nDefine governance\, risk management and compliance (GRC). \nRecognize the relationships between various security components.\nDefine privacy.\nDistinguish between privacy and security.\n\nModule 3 Service Description and Disruption \n\nIdentify and discuss common causes of service disruption\nExplain Business Continuity Planning\nDescribe the relationship between Business Continuity Planning (BCP) and Disaster Recovery (DR)\nExplain the objectives of information security\n\nModule 4 Threat Landscapes \n\nDefine cyber-risk\nDefine key terms associated with risk.\nIdentify and describe threats to enterprises.\nExplain the process of threat modeling.\nIdentify common types of vulnerabilities.\nIdentify common threat agents.\nDescribe the recent trends in the cyberthreat landscape.\n\nModule 5 Cyberattacks \n\nIdentify attributes of cyberattacks.\nExplain the cyberattack process.\nIdentify cybersecurity attack models.\nIdentify common cyberattacks.\n\nModule 6 Risk Management \n\nDescribe the IT risk management life cycle.\nExplain the supply chain considerations for risk management.\nElaborate the Risk Management Life Cycle.\nDescribe Risk Identification process.\nExplain Risk Assessment and Risk Response.\nDescribe Risk and Control Monitoring.\nNarrate the uses of Risk Assessment results.\n\nModule 7 Security Assets \n\nDistinguish categories of resources used to identify and classify risk.\nExplain system hardening.\nSummarize data protection means and methods.\n\nModule 8 Security Architecture \n\nExplain the concept of security architecture\nDescribe security perimeter\nIdentify components of a security architecture\nRecognize the various security architecture frameworks\nCompare security models\n\nModule 9 Security Controls \n\nExplain defense in depth.\nCompare traditional security and assume-breach philosophies.\nIdentify three main types of security controls.\nDistinguish types of logical access controls.\nIdentify and explain types of administrative controls.\nExplain each component of authentication\, authorization and accounting (AAA).\n\nModule 10 Network Security \n\nDescribe the various network security techniques\nExplain methods to achieve isolation and segmentation\nIdentify network security hardware\nDistinguish types of firewalls\n\nModule 11 Application and Cloud Security \n\nRecognize system life cycle management principles\, including software security and usability.\nIdentify and analyze cloud service models.\nExplain the cloud deployment models.\nDiscuss the risks associated with cloud computing.\n\nModule 12 Software Management \n\nIdentify elements of cryptographic systems\nExplain the encryption techniques and applications \nIdentify and discuss key systems\n\nModule 13 Introducing Security Operations \n\nDiscuss security operations center (SOC) deployment models\nIdentify common SOC functions\, roles\, and responsibilities\nIdentify vulnerability assessment tools\, including open-source tools and their capabilities\n\nModule 14 Testing Technologies and Security Tools \n\nDifferentiate between vulnerability scanning and penetration testing.\nDiscuss common phases of penetration testing.\nIdentify and use common cybersecurity tools.\nDiscuss the components that aid cybersecurity monitoring and detection.\nExplain the basic concepts\, practices\, tools\, tactics\, techniques and procedures for processing digital forensic data.\nIdentify common anti-forensic tactics and techniques.\n\nModule 15 Handling Security Incidents \n\nRecognize incident response and handling methodologies.\nDistinguish between an event and an incident.\nDiscuss the elements of an Incident Response Plan (IRP).\n\n  \n Meet the Instructor \n \n Sushila Nair\nVice President\, Security Portfolio @ NTT DATA Services\, NTT DATA\, Inc.\nCISSP CISM CRISC CISA\nSushila Nair specializes in cybersecurity\, risk\, and audit services. Sushila Nair is a former Member of the Board of Directors for the Greater Washington\, D.C. ISACA Chapter and has presented at CACS\, BrightTALK\, Seguruinfo and many other international events.  She has taught several review courses for the GWDC chapter and ISACA Global. \n Additional Details \nSpecific Instructions: \n\nGroup Internet-Based. Zoom link delivered with registration.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. \n CPE Information \nEarn up to 32 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet based\nField of Study:  Information Technology – Technical\n\n  URL:https://isaca-gwdc.org/event/itca-cyber-2022-spring/ LOCATION:Virtual Event CATEGORIES:Review Courses ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220319T083000 DTEND;TZID=America/New_York:20220409T170000 DTSTAMP:20220214T114436Z CREATED:20220213T175348Z LAST-MODIFIED:20220214T114436Z UID:28885-1647678600-1649523600@isaca-gwdc.org SUMMARY:CISA Spring 2022 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 4-day review course for the Certified Information System Auditor® (CISA®) exam.  This review course will provide practical advice on preparing for the CISA exam and specific instruction regarding the job practice areas addressed by CISA as defined by ISACA® Global. The dates of this course are four (4) consecutive Saturdays: March 19th and 26th\, April 2nd and 9th from 8:30 am to 5 pm eastern. \nPlease register by March 16\, 2022. \nRegister today! \n  \nWho Should Attend? \nThis event is intended for anyone sitting for the CISA Exam. Students are expected to have prepared for the exam prior to attending the course. \n  \nCISA Exam Information \nThe CISA exam will be offered via Computer-Based Testing (CBT). \nRegistration for the CISA exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on the Certification and Exam Registration \n  \nRe-take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the full policy for discount details. \n»  Discount Details \n COURSE DETAILS AND PREPARATION \n Agenda \nDay 1 \nModule 1 – The Process of Auditing Information Systems \nModule 2 – Governance and Management of IT \nDay 2 \nModule 3 – Information Systems Acquisition\, Development\, and Implementation \nDay 3 \nModule 4 – Information Systems Operations\, Maintenance\, and Support \nDay 4 \nModule 5 – Protection of Information Assets \n  \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CISA exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CISA Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CISA Review Manual and the CISA Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \nCISA Review Manual \nCISA Review Questions\, Answers & Explanations Manual \nCISA Review Questions\, Answers & Explanation Database – 12 month subscription \n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISA page as part of their study program.  \n Meet the Instructor \n \n Jim Wiggins\n\nCISSP-ISSEP\, CISM\, CISA\, CySA+\, SCNA\, SCNP\, CAP\, IAM\, IEM\, SSCP\, CEH\, ECSA\, CHFI\, LPT\, TICSA\, CIWSA\, Security+\, and MCSE: Security and FITSP-M \nJim has over 23 years direct experience in the design\, operation\, management\, and auditing of information technology systems\, with the past 18 years focused on information systems security. He has an extensive background in technical education and specializes in security certification courses targeted at federal and government contracting clients.  \nJim is the founder and executive director of the Federal IT Security Institute (FITSI). FITSI is a 501(c)6\, non-profit organization that provides a role-based IT security certification program targeted at the federal workforce. Jim is also the executive director of the FITSI Foundation\, which is a 501(c)3 public charity that runs the Wounded Warrior Cyber Combat Academy (W2CCA). \nCurrently\, as a contractor\, Jim provides education and training support for the Federal Network Resilience Division at DHS and its Continuous Diagnostics and Mitigation program. \nIn 2011\, the Federal Information Systems Security Educators’ Association (FISSEA) named him “Educator of the Year” for the impact he continues to make in the federal workforce. In 2019\, Federal Computer Week (FCW) Named Jim to the “Federal 100” for his work to tirelessly promote cybersecurity education across all branches of the federal government. \n Additional Details \nSpecific Instructions: \n\nGroup Internet-Based. Zoom link delivered prior to the start of the course.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. \n CPE Information \nEarn up to 32 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\nPrerequisites and Advance Preparation: Students are expected to have prepared for the exam prior to attending the course.\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet based\nField of Study:  Information Technology – Technical\n\n  URL:https://isaca-gwdc.org/event/cisa-2022-spring-review/ LOCATION:Virtual Event ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220318T083000 DTEND;TZID=America/New_York:20220326T170000 DTSTAMP:20220919T155243Z CREATED:20220129T230513Z LAST-MODIFIED:20220919T155243Z UID:28772-1647592200-1648314000@isaca-gwdc.org SUMMARY:Certificate of Cloud Auditing Knowledge (CCAK™) Review Course DESCRIPTION:The GWDC is sponsoring an intensive 4-day review course for the Certificate of Cloud Auditing Knowledge (CCAK™).  The dates of this course are: March 18 -19 and 25 – 26\, 2022 from 8:30 am to 5:00 PM Eastern.  Please register by March 15! \nRegister today! \n  \nThe course will provide knowledge on cloud security assessment methods and techniques\, and will assist students in updating their expertise in cloud and hybrid security auditing. CCAK is a joint project by Cloud Security Alliance® and ISACA®. The CCAK is the first credential available for industry professionals to demonstrate their expertise in the essential principles of auditing cloud computing systems. The CCAK credential and training program fills the gap in the market for technical education for cloud IT auditing. \nThe CCAK course is designed to cover the following five core areas of focus: Cloud governance\, Cloud compliance\, Cloud auditing\, Cloud assurance\, and CSA tools. \n  \nWho Should Attend? \nThis event is intended for anyone preparing for the CCAK exam. Students are expected to have prepared for the exam prior to attending the course. \n  \nRe-take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the full policy for discount details. \n» Discount Details \nCCAK Exam Information \nCCAK Exam \nThe CCAK exam will be offered via Computer-Based Testing (CBT). \nRegistration for the CCAK exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on CCAK and Exam Registration \n  \nExam Preparation \nStudents who wish to do the exam should purchase the exam study guide here. The Q&A database is purchased here and is helpful for the exam revision. \nCourse Objectives and Outline \nLearning Outcomes \n\n Demonstrate key concepts of cloud governance and the role of assurance\, transparency and accountability in the cloud.\n Explain cloud risk management and the application of cloud governance tools.\n Devise the designing\, building and evaluating of a cloud compliance program based on laws\, regulations and regulatory standards.\n Apply control objectives\, technical and process controls\, security metrics and relate them to cloud control frameworks\, certification\, attestation and authorisations.\n Define and illustrate how to use the CSA Cloud Control Matrix and the CSA Top Threat Analysis Methodology.\n Build and execute an audit plan that addresses cloud concerns by utilising the Cloud Control Matrix.\n Discuss the impact of continuous assurance and auditing\, cloud automation\, native development and integration models on auditing and compliance .\n Describe the role of the CSA STAR Program.\n\nCourse Outline \nMODULE 1 – Cloud Governance \n\n Overview of governance\n Cloud assurance\n Cloud governance frameworks\n Cloud risk management\n Cloud governance tools\n\nMODULE 2 – Cloud Compliance Program \n\n Designing a cloud compliance program\n Building a cloud compliance program\n Legal and regulatory requirements\n Standards and security frameworks\n Identifying controls and measuring effectiveness\n CSA certification\, attestation and validation\n\nMODULE 3 – CCM and CAIQ Goals\, Objectives and Structure \n\n CCM\n CAIQ\n Relationship to standards: mappings and gap analysis\n Transition from CCM V3.0.1 to CCM V4\n\nMODULE 4 – A Threat Analysis Methodology for Cloud Using CCM \n\n Definitions and purpose\n Attack details and impacts\n Mitigating controls and metrics\n Use case\n\nMODULE 5 – Evaluating a Cloud Compliance Program \n\n Evaluation approach\n A governance perspective\n Legal\, regulatory and standards perspectives\n Risk perspectives\n Services changes implications\n The need for continuous assurance/continuous compliance\n\nMODULE 6 – Cloud Auditing \n\n Audit characteristics\, criteria & principles\n Auditing standards for cloud computing\n Auditing an on-premises environment vs. cloud\n Differences in assessing cloud services and cloud delivery models\n Cloud audit building\, planning and execution\n\nMODULE 7 – CCM: Auditing Controls \n\n CCM audit scoping guidance\n CCM risk evaluation guide\n CCM audit workbook\n CCM an auditing example\n\nMODULE 8 – Continuous Assurance and Compliance \n\n DevOps and DevSecOps\n Auditing CI/CD pipelines\n DevSecOps automation and maturity\n\nMODULE 9 – STAR Program \n\n Standard for security and privacy\n Open Certification Framework\n STAR Registry\n STAR Level 1\n STAR Level 2\n STAR Level 3\n\nMeet the Instructor \n Sushila Nair\nVice President\, Security Portfolio @ NTT DATA Services\, NTT DATA\, Inc.\nCISSP CISM CRISC CISA \nSushila Nair is certified by ISACA International to teach the CCAK Exam Review Course and specializes in cybersecurity\, risk\, and audit services. Sushila Nair is a former Member of the Board of Directors for the Greater Washington\, D.C. ISACA Chapter and has presented at CACS\, BrightTALK\, Seguruinfo and many other international events. \nAdditional Details \nSpecific Instructions: \n\n Group Internet-Based. Zoom link delivered with registration.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n ISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. \nCPE Information \nEarn up to 32 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\n Prerequisites and Advance Preparation: Fundamental understanding of Cloud \n Program Knowledge Level: Basic\n Delivery Method:  Group Internet based\n Field of Study:  Information Technology – Technical\n\n  URL:https://isaca-gwdc.org/event/ccak-2022-spring-review/ LOCATION:Virtual Event ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220310T083000 DTEND;TZID=America/New_York:20220310T123000 DTSTAMP:20231017T153952Z CREATED:20220222T011645Z LAST-MODIFIED:20231017T153952Z UID:28908-1646901000-1646915400@isaca-gwdc.org SUMMARY:Women in Leadership and Technology 2022 Conference DESCRIPTION:The ISACA Greater Washington DC (GWDC) is proud to host our Women in Leadership and Technology 2022 conference. This conference is our premier annual event centered around the experience of women in leadership positions in sectors such as Technology\, Business\, and Government. The Women in Leadership and Technology 2022 conference seeks to highlight the accomplishments and challenges of female leaders to motivate audiences\, invite awareness\, and open dialogue among professionals of all genders. \nRegister today! \n  \nWho Should Attend? \nBusiness Leaders and Managers\, Executives\, Technologists\, Professionals\, and Students. \nCPE  \nUp to 4 hours of Continuing Professional Education (CPE) credit can be earned for this event.  See the CPE Information section below for additional information. \nConference Topics \nDriving Change from Women Leader’s Perspective\nPresented by Monika Mangla\, CFA – Global Finance Digital Strategy & Transformation Director at Chevron\n \nThe pace of change in the 21st century\, led by technology has created significant opportunities for the businesses\, yet at the same time it has stretched the workforce globally to keep pace with these changes. In this session we will understand how behaviors and cultures are at the root of successful transformations and how a servant leader can help break biases\, motivate the team\, and deliver results with empathy. \n  \nSustaining Your Genius in High-Pressure Environments\nPresented by Annemarie M. Spadafore\, Ph.D\, PCC – Principal at Powerlab Partners \nFeeling burnt-out in your high-pressure environment? There may be interesting currents lurking under the surface of your day-to-day interactions that may drive this feeling. Join me in a fun\, interactive discussion of how we can ensure our best self is present in our work (and personal) relationships\, regardless of external stressors. We may have more control over the seemingly ‘invisible’ factors contributing to our stress than we think. We’ll even discuss how our problems and challenges may\, paradoxically\, make us more functional in the short term. \nMeet the Presenters \n \nMonika Mangla\, CFA – Global Finance Digital Strategy & Transformation Director at Chevron \nMonika is a transformational leader\, enabling global finance transformation at Chevron. She recently led an effort deploying the first S4/HANA Central Finance Solution at Enterprise scale and is currently leading an effort to drive the global tax organization strategy focusing on indirect taxes. Monika received a master’s degree in economics from the University of Maryland – College Park and is a Charter Financial Analyst (CFA). She started her career with KPMG in economics and statistical advisory and moved to Accenture as Senior Manager supporting both outsourcing and strategic business consulting. Monika joined Chevon in 2008 as senior advisor in Upstream Finance and has since held a variety of roles in corporate functions and in operations\, with time in the Gulf of Mexico\, US Deepwater and Thailand. She enjoys reading and traveling in her free time\, often collecting meaningful souvenirs along the way. One can even determine which years Monika lived in Thailand based the collection of animals in her office from the Chinese lunar calendar. \n \nJody R. Westby – CEO at Global Cyber Risk LLC \nDrawing upon a unique combination of more than twenty years of technical\, legal\, policy\, and business experience\, Ms. Westby founded Global Cyber Risk LLC (GCR) in 2000. GCR provides first-tier advisory and technical services to organizations in the areas of cyber governance\, privacy\, cybersecurity\, incident response\, and digital asset inventories and data mapping. Her team has deep expertise in cybersecurity risk assessments against best practices and standards\, including industrial control and SCADA systems used in manufacturing\, utility grids\, and critical infrastructure sectors. Ms. Westby also serves as Adjunct Professor to the Georgia Institute of Technology’s School of Computer Science. She is a professional blogger for Forbes and writes a regular column for Leader’s Edge magazine on cybersecurity issues. \nMs. Westby is a member of the bars of the District of Columbia\, Pennsylvania\, and Colorado. She serves as chair of the American Bar Association’s (ABA) Privacy and Computer Crime Committee (Science & Technology Law Section) and co-chair of the Cybercrime Committee (Criminal Justice Section) and has served four terms on the ABA President’s Cybersecurity Task Force. She co-chaired the World Federation of Scientists’ (WFS) Permanent Monitoring Panel on Information Security and served on the ITU Secretary-General’s High Level Experts Group on Cybersecurity. Ms. Westby is the author of seven books\, all published by the American Bar Association. Her latest publication\, Cyber Governance: Fiduciary Duties in the Digital Age\, builds on her 15 years of experience in the governance of cyber risks and widely recognized series of governance surveys and reports. Ms. Westby led the development of the International Toolkit on Cybercrime Legislation and was editor and co-author of the 2010 UN publication\, The Quest for Cyber Peace. Previously\, she launched In-Q-Tel for the CIA\, was senior managing director at PricewaterhouseCoopers\, was senior fellow and director of IT Studies for the Progress and Freedom Foundation\, and was director of domestic policy for the U.S. Chamber of Commerce. Ms. Westby practiced law at Shearman & Sterling and Paul\, Weiss\, Rifkind\, Wharton & Garrison. \nShe earned a B.A.\, summa cum laude\, University of Tulsa and J.D.\, magna cum laude\, Georgetown University Law Center and was named to the Order of the Coif. Ms. Westby was elected a member of the American Bar Foundation and the Cosmos Club. \n \nAnnemarie M. Spadafore\, Ph.D\, PCC – Principal at Powerlab Partners \nDr. A.M. Spadafore is Chief Executive of PowerLab (www.powerlabpartners.com)\, a public speaking/executive coaching firm providing exceptional value to clients through the innovative synthesis of renowned research and captivating presentations. \nHer knowledge\, ingenuity\, and compelling style is in frequent demand from exacting C-Suite executives leading Fortune 500\, Big 4\, AM Law 50\, and other eminent organizations. \nDr. Spadafore explores the intersection of business and relationship dilemmas. She’s a Harvard-trained organizational behavior expert\, and received a prestigious Fulbright award for research on the socio-politics of the world’s priciest international business dispute. Her expertise regarding the tendency for relationships to derail results/innovation in high-stakes environments originates from client work and diverse experiences\, including at top research/media/consulting companies\, elections work in post-conflict war zones\, and hard-won victories as a lobbyist for a high-profile $145M project. \nDr. Spadafore is the author of “There’s Only ‘I’ in Team\,” available at: https://www.amazon.com/dp/1637306512 and other booksellers. \nNirali Chawla – Managing Director\, Advisory Services at KPMG US \nNirali is a Managing Director in KPMG’s Federal Advisory Services practice with more than 20 years of experience providing a wide range of services to private and public sector clients\, including financial and information technology audit services\, information assurance and Cyber security services\, and entity-wide audit readiness and transformation consulting services. Ms. Chawla currently leads some of the largest federal agencies at the brink of transformational change and growth\, leveraging her knowledge of existing and emerging technologies to uncover IT opportunities for business process and internal controls improvements. Ms. Chawla is the co-author of NIST Special Publication 800-137\, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations\, and holds certifications such as the CISSP\, CISA\, CRISC\, CAP\, ITIL\, and Six Sigma Green Belt. Ms. Chawla is a recognized industry leader in the Information Technology Risk Management and transformation field\, speaking at industry conferences and instructing training seminars. \nAdditional Details \nSpecific Instructions: \n\n Group Internet-Based. Zoom link delivered with registration.\n Prior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\n Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\n ISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nPresentations: \nAny presentations made available by the presenters will be emailed to the event participants.   \n  \nSponsor this Event: \nIf your organization is interested in being an event sponsor\, visit the Chapter Sponsorship page and review the prospectus of sponsorship opportunities.  The page also provides instructions on becoming an event or annual sponsor.   \n  \nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \nCPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\n Learning Objective: To highlight the accomplishments and challenges of female leaders to motivate audiences\, invite awareness\, and open dialogue among professionals of all genders\n Prerequisites and Advance Preparation: None\n Program Knowledge Level: Basic\n Delivery Method:  Group Internet based\n Field of Study:  Information Technology – Technical\n\nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. URL:https://isaca-gwdc.org/event/women-leadership-technology-2022/ LOCATION:Virtual Event ORGANIZER;CN="Noel Nazario":MAILTO:SpecialEvents@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220226T083000 DTEND;TZID=America/New_York:20220312T163000 DTSTAMP:20230213T211322Z CREATED:20220118T224626Z LAST-MODIFIED:20230213T211322Z UID:28744-1645864200-1647102600@isaca-gwdc.org SUMMARY:CISM Spring 2022 Review Course DESCRIPTION:The GWDC is sponsoring an intensive 3-day review course for the Certified Information Security Manager® (CISM) Exam. The CISM® review course will provide practical advice on preparing for the CISM exam and specific instruction regarding the job practice areas addressed by CISM as defined by ISACA® Global. The dates of this course are:  three consecutive Saturdays: Feb 26. March 5 and March 12 from 8:30 am to 4:30 PM Eastern. \nPlease register by February 23\, 2022. \nRegister today! \n  \nWho Should Attend? \nThis event is intended for anyone sitting for the CISM Exam. Students are expected to have prepared for the exam prior to attending the course. \n  \nCISM Exam Information \nThe CISM exam will be offered via Computer-Based Testing (CBT). \nRegistration for the CISM exam is administered by ISACA®\, not the GWDC. Registering for this review course does not register you for the exam. \n» Details on Exam Registration \n  \nRe-take Discount \nStudents who take this GWDC review class and do not pass the corresponding Exam are eligible for a one-time 50% discount on the next review class offered by the GWDC for the exam. Please read the full policy for discount details. \n»  Discount Details \n COURSE DETAILS AND PREPARATION \n Agenda \nDay 1 \nModule 1 – Information Security Governance \nModule 2 – Information Risk Management and Compliance \nDay 2 \nModule 3 – Information Security Program Development and Management \nModule 4 – Information Security Incident Management \nDay 3 \nModule 5 – Exam Preparation Strategies \n  \nMaterials Provided During the Course \nParticipants receive a Study Guide to help them prepare for the CISM exam. The Study Guide contains a presentation\, a case study\, and 20 quiz questions for each domain in the official CISM Review Manual. The Study Guide contains additional material such as suggested study approach\, exam taking tips\, list of “must know” vocabulary terms\, and other suggested readings to aid participants in their exam preparation. \n  \nStudy Materials \nThe instructor highly recommends that students purchase the CISM Review Manual and the CISM Review Questions\, Answers\, and Explanations Database – 12 Month. Below are the study materials available for purchase from the ISACA Bookstore: \nCISM Review Manual \nCISM Review Questions\, Answers & Explanations Manual \nCISM Review Questions\, Answers & Explanation Database – 12 month subscription \n**It is highly recommended to order these at the earliest opportunity to avoid any possible delays in their availability for the start of the program. \n  \nAdditional Study Resources \nCandidates should review the Exam Candidate Guide and other resources on the ISACA CISM page as part of their study program.  \n Meet the Instructor \n \n Noel Nazario \nNoel A. Nazario is a technology and business leader that brings a wealth of technical and leadership experience to help clients assess risk\, develop risk mitigation strategies\, envision and realize coherent technology environments\, improve Cybersecurity Program maturity\, establish Incident Response strategy\, and improve IT/OT integration with business strategy. His experience includes business development\, C-level training\, financial systems audit\, technology risk management\, cybersecurity programs and operations\, enterprise architecture\, IT operations and services integration\, cloud management\, and IT governance. Noel’s professional background enables him to work with leaders with diverse perspectives and backgrounds. \nNoel A. Nazario is a Certified Information Security Manager (CISM) and an ISACA Accredited trainer. Noel was the recipient of the GWDC’s 2018 V. Lee Conyers Award. He participates in multiple industry groups and is a frequent conference host and speaker. Noel started his technology career as an Electronics Engineer for the National Institute of Standards and Technology (NIST) Computer Security Division. He transitioned to the private sector to work for KPMG\, EY\, and Grant Thornton in roles that ranged from Senior Associate to Senior Manager and Director. He later started a consulting firm and is now a Senior Director at Annuk Inc\, where he leads the IT Architecture Review Board for the Washington Metropolitan Area Transit Authority and supports other clients. \n Additional Details \nSpecific Instructions: \n\nGroup Internet-Based. Zoom link delivered with registration.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n  \nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. \n CPE Information \nEarn up to 21 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet based\nField of Study:  Information Technology – Technical\n\n  URL:https://isaca-gwdc.org/event/cism-2022-spring-review/ LOCATION:Virtual Event ORGANIZER;CN="Clifton Persaud (Certifications Program and Special Assistance Requests)":MAILTO:certifications@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220222T083000 DTEND;TZID=America/New_York:20220222T123000 DTSTAMP:20220222T055725Z CREATED:20220110T163819Z LAST-MODIFIED:20220222T055725Z UID:28716-1645518600-1645533000@isaca-gwdc.org SUMMARY:IT Audit Conference 2022 DESCRIPTION:The ISACA GWDC is proud to host our annual IT Audit Conference 2022 with a focus on DOD and Civilian environments on February 22nd. IT audit and assurance continue to transform with the ever-changing environment. In the Federal Government\, auditors are especially challenged with the ever-increasing use of technology such as artificial intelligence\, robotic process automation\, machine learning\, and evolving business practices yet sometimes slow to adopt compliance rules. How does the profession maintain assurance in this evolving and ever-changing environment? Come to our IT Audit Conference 2022 and find out tips and tricks from local experts. \nPlease register by February 20\, 2022 \nRegister today! \n  \nWho Should Attend? \nTechnology enablement professionals\, IT advisory or audit professionals\, Business executives\, Cybersecurity professionals\, students or professionals interested in IT Audit. \nCPE  \nUp to 4 hours of Continuing Professional Education (CPE) credit can be earned for this event.  See the CPE Information section below for additional information. \n Topics of the IT Audit Virtual Conference \n Update from GAO on the new Cybersecurity Audit Methodology Manual\nPresented by Jennifer Franks\, United States Government Accountability Office (GAO)\nGAO has designated information security as a government-wide high-risk area since 1997. The Federal Information Security Modernization Act of 2014 requires federal agencies to apply National Institute of Standards and Technology (NIST) security standards in implementing their information security programs. Currently\, Federal Information Systems Control Audit Manual (FISCAM) serves as GAO’s methodology for performing audits to determine the adequacy of information security for federal systems. Since FISCAM was last revised in 2009\, NIST has issued new guidelines to reflect advances in cybersecurity in areas such as security risk management and cloud computing. Come learn how GAO will be updating FISCAM for financial audits\, and the creation of a new cybersecurity audit methodology manual for our cybersecurity audits. This new cybersecurity methodology will provide relevant and current guidance to the audit community that reflects changes that have occurred in IT-related auditing requirements\, standards\, and guidance. \n DoD Office of the Under Secretary of Defense (Comptroller) (OUSD) Financial Improvement and Audit Readiness (FIAR) IT Initiatives\nPresented by James Davila\, DoD OUSD(C) FIAR Office\, Bradley Keith and Bobbi Markley\nAs the largest federal agency\, the Department of Defense (DoD) represents slightly more than half the entire federal budget – $770 billion in FY 2022. As required by the CFO Act of 1990\, the DoD underwent its first full Agency-wide financial statement audit in 2018. While that sounds simple enough\, DoD audit equates to 26 individual stand-alone financial statement audits conducted by eight Independent Public Accountants\, and one consolidated audit conducted by the DoD Office of Inspector General of the Defense Agencies and Field Activities. In addition\, the Department’s Service Organizations represent 29 Statement on Standards for Attestation Engagements (SSAE) No. 18 Examinations that are separate from the financial statement audits. \nFor the third consecutive year\, the DoD received a Disclaimer of Opinion\, with just 30% of audits resulting in an Unmodified Opinion. Roughly half of the deficiencies noted by the auditors related to IT controls. In fact\, the financial statement audits are identifying testing exceptions that should not be possible for systems with an Authority to Operate. \nDuring the course of this discussion\, we will provide a summary of the total number of IT NFRs identified by the DoD auditors\, the exception conditions leading to the issuance of the IT NFRs\, the NIST (and other) criteria being cited by the auditors\, and how improved self-assessment procedures can assist the DoD prevent similar findings in the future. \n Department of Defense (DoD) Financial Statement Audit Results for Fiscal Year 2021\nPresented by Jennifer Hansome (DoD Office of Inspector General) and Brian Royer (DoD Office of Inspector General) \nThe DoD Financial Statement Audit effort is the largest ongoing financial statement audit in the world. The DoD OIG performs audit procedures and oversees independent public accounting firms performing audit procedures on several DoD Components and Agencies.  Join us for a discussion of the role that information technology takes in the auditability of the Department of Defense’s Financial Statements. We will also walkthrough the results & key takeaways from the FY21 audits. \n Auditing the Cloud\nPresented by Sushila Nair\, NTT DATA Services\nThe cloud has changed the way we govern and design security. The shared responsibility model poses challenges whilst when leveraged correctly also provides great benefits. This session will highlight the tools you should leverage to deliver and simplify cloud audits. It will also cover the CCAK which is the new ISACA cloud audit qualification developed in conjunction with the Cloud Security Alliance. \n Meet the Presenters \n Jennifer Franks\nDirector\, Government Accountability Office’s Information Technology and Cybersecurity\nJennifer R. Franks is an Director in GAO’s Information Technology and Cybersecurity team. She leads audit teams that perform agency-specific reviews in the areas of cybersecurity\, and IT management and operations. Her work primarily focuses on emerging cybersecurity issues and assessing an agency’s ability to protect the confidentiality\, integrity\, and availability of its sensitive data and computing infrastructure. Her multi-disciplinary teams actively review agencies’ computer security vulnerabilities across their enterprise-wide computing environment by assessing program management compliance and technical controls recommended for the agencies to follow in accordance with federal guidance and leading practices. Ms. Franks has led reviews at the Internal Revenue Service\, Department of Veterans Affairs\, Office of Personnel Management\, National Aeronautics and Space Administration\, Nuclear Regulatory Commission\, Centers for Disease Control and Prevention\, and Department of Agriculture\, among others. Further\, at GAO\, she is a certified adjunct faculty member and facilitates Diversity\, Equity & Inclusion courses\, such as-Navigating Unwritten Rules; The Power of the Unconscious Bias; Open-Minded & Mindfulness; Recognizing Ageism in the Workplace; and Workplace Civility. Ms. Franks received a B.S. in Computer Information Systems from Hampton University\, and a M.S. in Information Security Policy and Management from Carnegie Mellon University. \n James Davila\nOUSD(C) FIAR Office\, Department of Defense\nMr. James Davila has over thirty years of accounting and finance experience in the DoD. He joined the OUSD(C) FIAR Office in Oct 2015 as a staff accountant after serving with DFAS for fifteen years. Mr. Davila currently oversees service provider relationships to ensure DoD maximizes the use of SSAE No. 18s\, including 19 service providers (eight DoD and eleven non-DoD) including cloud providers\, totaling 49 SSAE 18 SOC 1 reports. He also leads the IT audit engagement for more than 40 Other Defense Organizations supporting the DoD-wide consolidated audit\, and oversees tracking and reporting on about 300 IT audit relevant systems in response to Congressional\, GAO\, DoD IG and DoD senior leader inquiries. He leads multiple Councils and working groups to address high priority enterprise-wide access control deficiencies and is the Office of the Under Secretary of Defense\, Comptroller\, lead for the Identity\, Credential and Access Management (ICAM) initiative. \nMr. Davila has received numerous financial management recognition awards and is recognized as a leader in the DoD’s field of accounting. He is a member of the Washington Chapter of the American Society of Military Comptrollers and the Virginia Society of Certified Public Accountants. \n Jennifer Hansome\nArmy Financial Statements Division\, Department of Defense Office of Inspector General\nMs. Jennifer Hansome is a Project Manager in the Army Financial Statements Division in the OIG Financial Management and Reporting Directorate Indianapolis Field Office. Ms. Hansome has led and managed teams in completing oversight projects including the Army General Fund and Working Capital Fund financial statement audits\, and multiple system and organization control (SOC1) engagements\, with an area of emphasis on the Army’s information technology systems. Ms. Hansome also led and performed other audits including valuation of Army inventory\, a review of the Army’s Logistics Modernization Program system architecture\, and a congressionally requested project on DoD-wide Enterprise Resource Planning systems. Ms. Hansome holds a Certified Public Accounting license and Bachelors’ of Science Degree in Managerial Accounting from the University of Indianapolis. \n Brian Royer\nFinancial Management and Reporting Directorate\, Department of Defense Office of Inspector General\nMr. Brian Royer is a Team Leader in the OIG Financial Management and Reporting Directorate in Alexandria\, Virginia. Mr. Royer has led teams in completing oversight of Information Technology projects including Defense Civilian Pay System\, Defense Information Systems Agency\, and Other Tier 3/4 Agency IT Audits. Mr. Royer also led performance audits including auditing Complementary User Entity Controls (CUECs) listed in multiple system and organization control reports (SOC1). Mr. Royer is a Project Management Professional (PMP)\, and holds a Master’s in Business Administration and a Bachelors’ of Science Degree in Accounting from Indiana University of Pennsylvania. \n Sushila Nair\nVice President of Security Services\, Chief Digital Officer\, NTT DATA Services\nSushila has over 25 years of experience in computing infrastructure\, business and security\, including a decade as a chief information security officer. She has worked in diverse areas across telecommunications and cybersecurity\, from risk analysis to credit card fraud to serving as a legal expert witness. An experienced cybersecurity thought leader\, she has published numerous articles in the computing press\, and presented in global technical events. She plays an active role in supporting best practices and skills development within NTT DATA as well as across the cybersecurity community.  \nShe has published numerous articles in the computing press on risk and security\, and has spoken at Segurinfo\, Microsoft TechED\, TechMentor\, The Windows Show\, FinSec and many other global technical events on diverse subjects ranging from managing risk to designing security baselines. \n Bradley Keith CPA\, CISA\, CGEIT\, CDFM\, PMP \nDirector\, Guidehouse\nMr. Keith is a Director with Guidehouse LLP.  He has over 25 years of experience providing IT and business process control audit\, audit readiness\, and assessment experience for commercial and government clients. For the last 10 years\, Mr. Keith has been assisting the Department of Defense with preparing for financial statement audits and SSAE No. 18 examination engagements. In these roles\, he has contributed to the following: \n– Assisted the GAO in updating the Federal Information System Controls Audit Manual (FISCAM). \n– Assisted OUSD(C) in preparing the Financial Improvement and Audit Readiness (FIAR) Guidance\, the succeeding DoD Internal Control Over Financial Reporting and DoD Financial Statement Audit Guides\, and policy memos directing actions to advance financial statement audit and SSAE No. 18 success. \n– Assisted OUSD(C) and DoD CIO develop a Financial Management Systems overlay for the Risk Management Framework systems assessment and authorization process. \n-Assists OUSD(C) in evaluating IT Notifications of Findings and Recommendations (NFRs) and associated Corrective Action Plans. \n– Assists in reviewing DoD\, Federal Agency\, and Commercial SSAE No. 18 reports for compliance with DoD requirements. \n– Assists DoD Service Organizations prepare for and perform SSAE No. 18 Examinations. \n– Assists OUSD(C) in the Financial Management System functional sponsor role for Identity\, Credentialing\, and Access Managements (ICAM) solutions. \nHe looks forward to sharing the results of some of these activities with this group and along with some ideas where system accreditation and internal controls testing efforts can be modified to improve audit results.  \n Bobbi Markley\nManaging Consultant\, Guidehouse\nMs. Markley is a Managing Consultant with Guidehouse LLP.  She has over 30 years’ experience providing solutions for public and private sector clients in the defense\, financial\, automotive\, manufacturing\, and utilities industries.  She is former SAP ERP system integrator with deep knowledge of operational and technology controls and specialist skills in internal controls\, risk and governance\, information security/protection\, program/project management\, regulatory compliance and software quality assurance.  She currently supports numerous initiatives under the Office of the Under Secretary of Defense\, Comptroller\, and leads the development of the second-generation Risk Management Framework (RMF) Financial Management (FM) Overlay. \n Additional Details \nSpecific Instructions: \n\nGroup Internet-Based. Zoom link delivered with registration.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nPresentations: \nAny presentations made available by the presenters will be emailed to the event participants.   \n  \nSponsor this Event: \nIf your organization is interested in being an event sponsor\, visit the Chapter Sponsorship page and review the prospectus of sponsorship opportunities.  The page also provides instructions on becoming an event or annual sponsor.   \n  \nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n CPE Information \nEarn up to 4 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet based\nField of Study:  Information Technology – Technical\n\nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. URL:https://isaca-gwdc.org/event/2022-itaudit-conference/ LOCATION:Virtual Event ORGANIZER;CN="Jose Torres":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220203T150000 DTEND;TZID=America/New_York:20220203T170000 DTSTAMP:20220203T105923Z CREATED:20220110T195334Z LAST-MODIFIED:20220203T105923Z UID:28713-1643900400-1643907600@isaca-gwdc.org SUMMARY:Diversity\, Equity\, and Inclusion in Technology 2022 Panel DESCRIPTION:ISACA GWDC is proud to host our Diversity\, Equity\, and Inclusion (DEI) in Technology 2022 panel on February 3rd. Attendees of ISACA GWDC’s DEI in Technology 2022 panel will learn how DEI initiatives contribute to organizational culture\, help with effective governance\, and why it STILL matters. \nThere is no fee for this event!  Please register by February 1\, 2022. \nRegister today! \n  \nWho Should Attend? \nTechnology enablement professionals\, IT advisory or audit professionals\, Business executives\, Cybersecurity professionals\, students or professionals. \nCPE  \nUp to 2 hours of Continuing Professional Education (CPE) credit can be earned for this event.  See the CPE Information section below for additional information. \n Meet the Moderator \n Jermaine Stanley\nISACA Greater Washington DC Chapter – Vice President\nJermaine Stanley is a Cybersecurity\, IT Risk Advisory leader with more than 25 years of experience working with Financial Services\, Technology\, Insurance\, Non-Profit\, and Government organizations. A strong passionate technology leader with a reputation for building teams\, mentoring\, and a passion for creating diverse\, equitable\, and inclusive cultures\, who strives to help leaders build\, launch and lead initiatives that promote Diversity\, Equity\, and Equity (DEI) within their organizations. Currently\, Jermaine serves as a Security & Compliance SME for Proofpoint. Mr. Stanley is the Vice President of ISACA Greater Washington (GWDC) DC Chapter\, one of the oldest chapters and is currently ISACA’s largest chapter. He also is a Board member of One in Tech\, an ISACA Foundation. In previous roles\, Jermaine has published white papers\, participated in and moderated panel discussions on Cybersecurity and Cloud computing. Mr. Stanley holds a Master’s in Software Engineering\, a BS in Electrical Engineering\, and the CISA and CDPSE certifications. \n Meet the Panelists \n Quisha Cherry\nCivilian Practice Lead\, Kearney & Company\, P.C.\nQuisha Cherry is a Federal Financial Management professional with nearly 20 years of management consulting experience. Her focus is delivering OCFO operations strategy\, digital finance solutions\, process optimization\, and large complex program management. She currently leads Kearney’s Civilian Practice delivering a variety of financial solutions to federal clients. Prior to joining Kearney\, Ms. Cherry was a leader in Deloitte’s Government and Public Services Practice focusing on Finance and Enterprise Performance solutions. Ms. Cherry is a graduate of the Yale School of Management’s Executive Leadership Program. She also has a BS in Accounting and master’s in administration.  Ms. Cherry’s true workplace passion is creating a people first culture and she dedicates much of her time to understanding and implementing the practices necessary to do so. She believes people are the greatest asset of any organization. \n Dimple Ahluwalia\nVP and Managing Partner\, Security Consulting & Systems Integration\, IBM\nWith nearly 20 years of experience helping clients with their cybersecurity needs\, Dimple leads the Consulting and Systems Integration Services business globally for IBM Security. Previously\, Dimple was the Global Cybersecurity Managed Services Partner at Ernst & Young (EY). Prior to that role\, she served as the Business Information Security Officer (BISO) of IBM Security with the responsibility for managing the business unit’s IT security policy and risks\, helping protect systems and data\, driving security and privacy by design into their products and services\, and supporting enterprise programs for cyber threat detection\, incident response and compliance. She has held various security roles over the years at IBM\, including leading a global team of solution design architects\, managing the North America security consulting and systems integration business\, conceiving a company-wide program for secure engineering and product security incident response for their products\, and running a customer support organization. Dimple earned a master’s degree in international business transactions and a bachelor’s degree in marketing from George Mason University. Dimple is passionate about promoting diversity in the cybersecurity industry. At IBM\, she has held leadership roles for initiatives aimed at promoting women in security and driving diversity in technical roles. She continues to mentor several women who are at different stages of their career in security and has supported a global program dedicated to educating middle school and high school girls about cybersecurity. \n Christine Burkette\nChief Executive Officer\, Promising Integration Consulting Firm\, Inc. (PICF Inc.)\nOver the past 12 years\, Christine has worked in fortune 500 companies from General Motors to ProQuest in the role of Corporate Trainer\, Senior IT Project Manager\, IT Consultant and Business Strategist. As the former CIO of Detroit Public Schools Community District\, while managing clients for her company\, Christine prides herself on setting an example of what can be accomplished when you are a black woman working in a field usually dominated by men\, with over 15 years’ experience in the IT industry. Her background in technology ranges from software development\, large scale deployment\, infrastructure design and implementation\, data center management\, innovative technology solutions\, IOS integration\, disaster recovery\, biometrics\, to SQL/cloud server. PICF\, Inc. services range from K12 online learning to cyber security. Her client’s range K12 school districts\, colleges\, healthcare companies\, small startup companies\, athletes with individual product lines to federal contracts.  Christine is the CEO of Promising Integration Consulting Firm\, Inc. (PICF Inc.)\, a black women owned IT consulting firm\, and CEO and inventor of The 5F’s to Love\, LLC. relationship compatibility app and lifestyle brand. \n Sam Jamison\nSenior Manager\, EY\nSam Jamison is a Senior Manager consultant at EY based out of the Greater Washington DC area. Sam currently supports EY’s Government and Public Sector (GPS) practice where he co-leads the EY Federal Supply Chain Risk Management (SCRM) solution capability. This involves establishing the programmatic and technical infrastructure needed to support clients with their SCRM and Third Party Risk Management (TPRM) needs. \nSam has more than 15 years of IT program management experience in IT risk management\, enterprise risk management\, program risk management\, project management and delivery on system integration projects. Sam manages federal third-party risk management programs\, assessing in-place controls to mitigate risks from both suppliers and services.\nPrior to joining EY back in 2013\, Sam worked at Deloitte within their Government and Public Sector Practice and prior to Deloitte was in the industry supporting a Consumer Packaged Goods Company’s IT organization for 7.5 years. \n Marvin Muhumuza\nSenior Manager\, Cotton & Company\nMarvin Muhumuza directs\, manages\, and serves in information assurance and cybersecurity capacity for financial statement audits conducted in accordance with Government Auditing Standards. He is experienced in applying applicable Office of Management and Budget (OMB)\, Government Accountability Office (GAO)\, National Institute Standards and Technology\, and COBIT frameworks and standards. He also has extensive consulting experience for multiple commercial organizations\, primarily focusing on risk and internal control assessments\, financial system implementation\, evaluating agencies for audit readiness\, and compliance with internal control standards and generally accepted accounting principles.\nMarvin is a Senior Manager consultant at Cotton & Company LLP\, currently supporting their assurance practice for federal agencies and commercial clients to help lower the organization’s risks and increase their security posture of information systems environments. He has more than 15 years of diversified consulting experience in information system audits\, cybersecurity\, enterprise mobility solutions\, compliance\, and risk management.\nMarvin believes that Diversity\, Equity and Inclusion in a workplace is non-negotiable in the 21st Century. He is a member and former board member of ISACA- DC Chapter (GWDC). He holds a Master of Business Administration (MBA) from Johns Hopkins University; CISA\, CDPSE\, CMMC-RP\, and ITIL Certifications.\n Sophia Carlton\nFraud & Financial Crimes Manager\, Accenture\nSophia is a Manager in Accenture’s Fraud & Financial Crimes consulting practice\, specializing in fraud strategy\, fraud risk and maturity assessments\, and fraud prevention solutions. She has spent the last 6+ years helping clients solve their toughest fraud challenges. Throughout her consulting career\, she has served as a local\, regional and national lead of LGBTQ+ business resource groups with a focus on providing personal and professional development opportunities for LGBTQ+ employees and allies and leading initiatives to enhance LGBTQ+ equality in the workplace and beyond.  Sophia is a recognized and award-winning thought leader; winning two author awards and contributing as a lead author in the development of fraud risk management guidance used both in government and in the private sector. Sophia is a Certified Fraud Examiner (CFE) and holds a M.S. in Accounting from James Madison University. \n Additional Details \nSpecific Instructions: \n\nGroup Internet-Based. Zoom link delivered with registration.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nPresentations: \nAny presentations made available by the presenters will be emailed to the event participants.   \n  \nSponsor this Event: \nIf your organization is interested in being an event sponsor\, visit the Chapter Sponsorship page and review the prospectus of sponsorship opportunities.  The page also provides instructions on becoming an event or annual sponsor.   \n  \nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n CPE Information \nEarn up to 2 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet based\nField of Study:  Information Technology – Technical\n\nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. URL:https://isaca-gwdc.org/event/2022-diversity-inclusion-panel/ LOCATION:Virtual Event ORGANIZER;CN="Jose Torres":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220119T140000 DTEND;TZID=America/New_York:20220119T150000 DTSTAMP:20220129T133926Z CREATED:20211208T050848Z LAST-MODIFIED:20220129T133926Z UID:28620-1642600800-1642604400@isaca-gwdc.org SUMMARY:Panel Discussion with EY: Software Asset Management and Risk Mitigation DESCRIPTION:Panel Topic: How do you change your organizational risk profile by enabling business insights from better software asset management? \nThe traditional IT outsourcing market is amidst a seismic shift as clients move applications to the cloud\, spreading complex workloads across hybrid clouds to multi-cloud\, multi-tenant environments\, driving the need for robust cloud-enabled Software Asset Management (SAM) services. The panel will discuss the role of Software Asset Management (SAM) as a foundational building block to effectively managing enterprise risk. SAM services enable software license compliance\, spend optimization\, and deliver technology driven insights that power digital transformation. \nThe ISACA GWDC is proud to host a panel discussion with our platinum sponsor EY.  Join us for a timely discussion of this important topic. \nWho Should Attend? \nTechnology enablement professionals\, IT advisory or audit professionals\, Business executives\, Cybersecurity professionals\, students or professionals interested in learning more about software asset management. \nCPE  \nUp to 1 hour of Continuing Professional Education (CPE) credit can be earned for this event.  See the CPE Information section below for additional information. \n Presented by Our Platinum Sponsor\, EY \nThis panel discussion is presented by GWDC Platinum Sponsor\, EY.  We are honored to host this event with EY to provide you with an opportunity to learn more about software asset management and risk mitigation. \n \n \n Register Today!\n \n There is no fee for this event. \nPlease register by January 17\, 2022 \n Meet the Panelists \n \n Frank Venezia\nManaging Director\, Americas Managed Services practice\, EY\nUS Leader of EY’s Software Asset Management solution\nFrank Venezia is a Managing Director in the Americas Managed Services practice of EY and is the US leader of EY’s Software Asset Management solution. He has over 20 years of experience advising businesses and clients on IT infrastructure and SW Asset Management (SAM) solutions. He has experience in SAM/ITAM governance processes and procedures\, IT vendor management and contract optimization\, SW compliance and verification\, SW license optimization and ITAM managed services. His experience spans multiple industries\, including Banking\, Insurance\, Manufacturing and Telecommunications. He is a member of the International Association of Information Technology Asset Managers (IAITAM)\, and holds the Certified Asset Manager Security Expert (CAMSE) certification. Prior to joining EY\, Frank served as a Senior VP at Siwel responsible for Siwel’s Client Executive and Technical Services teams\, including their Data Analytics practice\, and served as the Subject Matter Advisor for the SAM solution offerings. He was also responsible for Siwel’s Asset Management Center of Excellence\, Staffing and Recruiting business unit. He is a regular speaker at IAITAM conferences around the world\, most recently the 2020 IAITAM ACE Conference\, and publishes thought leadership regularly in the ITAK affiliated with IAITAM. \n \n Meg Williams\nSenior Manager Consultant\, Americas Managed Services practice\, EY\nMeg Williams is a Senior Manager Consultant at EY in the Americas Managed Services practice as part of the Software Asset Management solution team. She has over 20 years of experience implementing risk and technology transformation programs for large multi-national organizations. She has developed\, tested\, and implemented complex technology change processes\, coordinating process governance\, mapping process changes to business functions and risks\, and developing and implementing controls and gap assessments. During her tenure in banking\, she managed hundreds of technology vendor and product optimization and rationalization efforts\, driving global data quality programs and reconciling investments in IT asset support back to business continuity and resiliency\, in support of various global regulatory requirements.Driving regulatory\, resiliency and business continuity efforts – from planning to testing to reporting to crisis management\, Meg brings a comprehensive risk perspective to her work. \n \n Kapil Umalkar\nSenior Manager\, Americas Managed Services practice\, EY\nKapil is a Senior Manager with EY’s Americas Managed Services practice as part of the Software Asset Management solution team. Kapil joined EY in 2009 and he has worked across sectors to service clients’ SAM needs. His focus is primarily Software Asset Management (SAM) reviews\, License compliance reviews\, Service Providers License Agreement (SPLA) audits for data centers and SAP license compliance audits\, and he is deeply involved with client delivery across SAM engagements. He brings in technical expertise in networking\, operating systems\, and development of scripts in different programming languages. Kapil is involved in development and testing of the approach for licensing reviews for almost all major software vendors. He specializes in licensing rules\, policies\, terms and conditions and their application. \n \n Joe Foster\nManager Consultant\, EY\nJoe Foster is a Manager Consultant at EY based out of Charlotte\, NC. She focuses on Software Asset Management (SAM) process integration and holds a CSAM certification. She is experienced at designing\, solutioning\, and implementing risk management and technology transformation programs for large domestic and global clients at varying stages of technology maturity. She has extensive experience with GSEs\, Financial Services firms\, and delivering Managed Services programs to clients across sectors and geographies. \nJoe has teamed closely with clients to design\, test\, and deliver complex technology solutions working hand in hand with technical teams ensure knowledge transfer\, trust\, and effective teaming and collaboration. She has experience managing discovery\, solution design\, contracting and implementation for several large Managed Services clients\, including SAM clients. \nHer experience also includes growing EY’s Managed Services offerings to meet clients’ most pressing business needs\, with particular focus on SAM\, Third Party Risk Management\, Testing\, and Regulatory Reporting. She worked with offering and technical teams to architect strategies for offering growth\, scalability\, and client delivery. \n Additional Details \nSpecific Instructions: \n\nGroup Internet-Based. Zoom link delivered with registration.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nPresentations: \nAny presentations made available by the presenters will be emailed to the event participants.   \n  \nSponsor this Event: \nIf your organization is interested in being an event sponsor\, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor. \n  \nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n CPE Information \nEarn up to 1 Continuing Professional Education (CPE) credit in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org \n  \nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \n  \nCPE-Related Details: \n\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet based\nField of Study:  Information Technology – Technical\n\nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. URL:https://isaca-gwdc.org/event/2022-panel-ey-sam/ LOCATION:Virtual Event ORGANIZER;CN="Jose Torres":MAILTO:programs@isaca-gwdc.org END:VEVENT BEGIN:VEVENT DTSTART;TZID=America/New_York:20220113T083000 DTEND;TZID=America/New_York:20220113T123000 DTSTAMP:20240911T150447Z CREATED:20211031T031125Z LAST-MODIFIED:20240911T150447Z UID:28569-1642062600-1642077000@isaca-gwdc.org SUMMARY:2022 Emerging Technology Virtual Conference DESCRIPTION:AGENDA | TOPICS | PRESENTERS | ADDITIONAL DETAILS & CPE \n The ISACA GWDC is proud to host our annual 2022 Emerging Technology Virtual Conference on January 13th. This year it is virtual. Technological advances such as artificial intelligence\, augmented reality\, 3D printing\, blockchain\, and 5G will have a significant impact on our daily lives. Organizations and digital-born companies want a competitive edge and are implementing these technologies while leaving the risk of their implementations on audit and security professionals. We need to consider and understand their implications to harness their capabilities to proactively address risks. The ISACA GWDC Emerging Tech 2022 conference features local thought leaders and demonstrations on current and emerging topics related to addressing the risk and impact of new technology. \n 2022 Emerging Technology Agenda:\n– 0830-0930:  Artificial Intelligence Community and Self presented by Dr. Peter Tu (General Electric Research)\n– 0930-1030:  Decentralized Finance (DeFi) presented by Dr. Aleksander Berentsen (University of Basel)\n– 1030-1130:  Quantum Policy: Modernizing Law and Policy to Keep Pace with Technology presented by Ms. April Doss (Georgetown University) \n– 1130-1230:  How Blockchain is Transforming The Mortgage Industry presented by Mr. Michael Hoffman (Guidehouse)\n \n Click Here to Register\n \n WHO SHOULD ATTEND\nTechnology enablement professionals\, IT advisory or audit professionals\, Business executives\, Cybersecurity professionals\, students or professionals interested in learning more about emerging technologies.\n GET A DISCOUNT\nEnjoy discounted or free event pricing and other benefits all year round! Join ISACA GWDC Today!  Check out our calendar of upcoming events for more ISACA GWDC and partner activities. Don’t forget to follow ISACA GWDC on LinkedIn\,  Twitter\, and Facebook for the latest news and information from ISACA GWDC\, ISACA\, and the audit\, governance\, and security profession.\n\n Topics of 2022 Emerging Technology Virtual Conference\n \n Artificial Intelligence Community and Self\nPresented by Dr. Peter Tu\, General Electric Research\nIncreasingly\, artificial intelligence (AI)-enabled agents are interacting with individuals and communities via a myriad of platforms and devices. Physical instantiations include various forms of robots as well as avatars presented via flat screen displays. Commercial products such Amazon’s Alexa and Apple Corporation’s Siri provide for spoken interactions using mobile and in-home devices\, while artificial agents and other online entities are deployed routinely across social media ecosystems.\nIn this presentation\, Dr. Tu will expound on how artificial intelligence and humanity might co-evolve; artificial creative; and life without work.\n Decentralized Finance (DeFi)\nPresented by Dr. Aleksander Berentsen\, University of Basel (Switzerland)\nThe paper ‘Bitcoin: A Peer-To-Peer Electronic Cash System’ describes how several technological components can be linked together to create a virtual asset that is substantially different from any other asset. For the first time in history\, ownership of virtual property is possible without the need for a central authority – a development with the potential to fundamentally change the current financial system and many more areas in business and government.\nIn this presentation\, we focus on decentralized finance (DeFi) which allows for financial transactions of any kind without intermediaries (similar to Bitcoin). We discuss various protocols that allow the user to be ‘his own banker’. In particular\, we show how to trade assets on decentralized exchanges and how to borrow or lend assets on decentralized money markets. Furthermore\, we discuss leverage\, trade derivatives\, bootstrap projects\, farm tokens\, and acquire insurance without any intermediaries.\n Quantum Policy: Modernizing Law and Policy to Keep Pace with Technology\nPresented by Ms. April Doss\, Georgetown University\nThe advent of parallel processing\, cloud computing\, cheap storage\, and ever-expanding ecosystems of apps\, devices\, and data have revolutionized business\, national security and policing\, and everyday life in ways that would have been hard to imagine just a few decades ago. Unfortunately\, many of the laws and regulations governing technology – some enacted decades ago – are far older than the tech we all take for granted. Further complicating matters\, legislatures\, judges\, policymakers\, and lawyers often don’t have a sound understanding of the technologies they’re being asked to advise or legislate on. In order for law and policy to catch up with technology\, we need to dig ever more deeply into interdisciplinary ways of working\, and we need to approach legal review\, compliance programs\, security risk\, and more through a creative lens – a modernization as compelling in the world of tech law and policy as the introduction of quantum physics has been in the world of physical sciences. This session provides an overview of the legal and policy implications of recent trends in cybersecurity\, data privacy\, artificial intelligence\, and other data-driven technologies\, along with a discussion about how to close the ever-growing gap between law\, policy\, and tech. \n How Blockchain is Transforming The Mortgage Industry\nPresented by Michael Hoffman\, Guidehouse\nFor the past few years\, the use of blockchain technology for financial transactions has increased and there are examples of it being used across many industries- from lending\, to insurance\, to processing payments. To date there are an estimated 4\,000 financial assets and processes operating on blockchain technology\, and it’s more than just the buying and selling of bitcoin. Most recently\, we have seen blockchain integrate with the mortgage lending market\, be used in securing title insurance\, and in the same-day settlement of US equities. The US mortgage system is primed for rapid process and technology change\, driven by shifting demographics\, rising consumer expectations\, technological innovations\, and outdated legacy infrastructure. Collectively\, these factors could enable homebuyers\, governments\, and real estate and mortgage-related companies to reimagine US housing finance and homeownership. In response to these trends\, consumer-centric\, digital mortgage\, and housing finance solutions are forming across the US at unprecedented speed and scale. This presentation will discuss how blockchain technology is dramatically improving the efficiency and security of financial transactions and its impending challenges. \n\n Meet the Speakers of 2022 Emerging Technology Virtual Conference\n \n \n Peter Tu\nChief Scientist for Artificial Intelligence\, General Electric\nDr. Tu is the principal investigator for the DARPA-sponsored effort associated with group level behavior recognition at a distance. Currently Dr. Tu is GE’s Chief Scientist for Artificial Intelligence at GE Research. He has helped to develop a large number analytic capabilities including: person detection from fixed and moving platforms\, crowd segmentation\, multi-view tracking\, person reacquisition\, face modeling\, face expression analysis\, face recognition at a distance\, face verification from photo IDs and articulated motion analysis. Dr. Tu has over 50 peer reviewed publications and has filed more than 50 U.S. patents. \nIn 1990 Dr. Tu joined Sony Research in Tokyo Japan\, where he developed a number of computer vision algorithms for man-machine interfaces. While at Oxford University\, his research was devoted to the development of computer vision methods for the automatic analysis of seismic imagery.  In 1997 Dr. Tu became a senior research scientist working at GE Research. In partnership with Lockheed Martin\, he developed a set of latent fingerprint matching algorithms for the FBI Automatic Fingerprint Identification System (AFIS). Dr. Tu has also developed optical methods for the precise measurement of 3D parts in a manufacturing setting. Dr. Tu was the principal investigator for the FBI ReFace project\, which is tasked with developing an automatic system for face reconstruction from skeletal remains. In 2006\, he was the principal investigator for the National Institute of Justice’s 3D Face Enhancer Program. This work was focused on improving face recognition from poor quality surveillance video. \nIn 2008\, Dr. Tu led the GE video analytics team that participated in the DHS STIDP demonstration program – the goal of STIDP is to establish an effective defense against suicide bomber attacks. \n \n Dr. Aleksander Berentsen\nProfessor of Economics at the Faculty of Business and Economics of the University of Basel \nAleksander Berentsen is Professor of Economics at the Faculty of Business and Economics of the University of Basel. His current research focus is DLT\, Blockchain and Cryptoassets\, and nonconventional monetary policy instruments such as negative interest rates and balance sheet extensions. He is currently a research fellow at the Federal Reserve Bank of St. Louis and a member of the advisory board of the thematic equity funds for Credit Suisse Asset Management. He used to be an external advisor for the Swiss National Bank\, the ECB and the Bank for International Settlement. He publishes in top academic journals such as the American Economic Review and the Review of Economic Studies and co-authored the book “Bitcoin\, Blockchain\, and Cryptoassets” published by MIT-Press. \nHe studied at the Universities of Basel and Bern\, and at the London School of Economics\, and held visiting positions at the University of California in Berkeley\, the University of Pennsylvania\, the University of Zurich\, the Free University of Berlin and the Université Paris Dauphine. \n \n April Doss\nExecutive Director\, Georgetown Institute for Technology and Law\nApril Falcon Doss is the Executive Director of the Georgetown Institute for Technology Law and Policy. Prior to that\, April spent over a decade at the National Security Agency\, where she held a number of positions that included managing operational programs and technology innovation efforts\, a posting as an overseas foreign liaison officer\, and serving as the Associate General Counsel for Intelligence Law. Subsequently\, she served as Senior Minority Counsel for the Russia Investigation in the United States Senate Select Committee on Intelligence\, and chaired the cybersecurity and privacy practice of a major U.S. law firm. She is the author of the book “Cyber Privacy: Who Has Your Data and Why You Should Care\,” and is a regular commentator on issues relating to national security\, cybersecurity\, data privacy\, and emerging technologies. She’s appeared on a number of outlets including CNN\, MSNBC\, NPR\, and CBC\, and her articles have appeared in a range of publications including The Atlantic\, The Weekly Standard\, Lawfare\, Bustle\, Just Security\, and the Washington Post. She’s on Twitter @AprilFDoss. \n \n Michael Hoffman\nFinancial Services Director\, Guidehouse\nMichael Hoffman works with clients\, trade organizations and influencers to improve citizen’s\, customer’s and client’s well being via next generation strategy\, solutions and technology designs. As a director in the Guidehouse Public Sector Financial Services Segment\, Michael uses his extensive experience in financial services\, government\, analytics technologies and tech start-ups to advise executives on “why” and “how to” envision\, quantify and execute their strategies to achieve sustainable\, responsible\, measurable\, repeatable excellent outcomes. Michael currently works with government and financial institutions on ways to eliminate expense and risk using emerging technologies such as blockchain\, distributed ledger technologies (DLT)\, Artificial Intelligence (AI)\, institutional wisdom libraries\, digital identity and metaverse design solutions. Michael’s work digiting how US government agencies work with constituents\, banks and citizens have saved tens of thousands of hours and hundreds of millions of dollars across government and financial service companies. Michael’s designs for intuitive\, mobile-first\, financial solutions with embedded risk and performance analytics have modernized several institution’s operations and culture. \n\n ADDITIONAL DETAILS\n \nSpecial Instructions:\n\nGroup Internet-Based. Zoom link delivered with registration.\nPrior to the event\, participants must install the Zoom app on their respective devices. Participants using the web-based Zoom or calling via the phone may not be entitled to CPE credits.\nParticipants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.\nISACA Greater Washington\, D.C. will not be responsible for the participant’s inability to respond to the polls.\n\nPresentations: \nConference presentations are provided to attendees if permission is received from the presenter and their organization. In some cases\, permission is not received. \nSponsor this Event: \nIf your organization is interested in being an event sponsor\, please take a look at the five (5) various event sponsorship packages and click this sponsorship link to become a sponsor. \nCancellation and Refund Policy:  \nCancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details. \nIf ISACA GWDC cancels the event\, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided. \n\n CPE\n \nEarn up to 4 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington\, D.C. is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:  www.NASBARegistry.org.\nCPE Distribution and Evaluation Survey: \nCPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day and respond to polling questions to receive full CPE credit. \nCPE-Related Details: \n\nPrerequisites and Advance Preparation: None\nProgram Knowledge Level: Basic\nDelivery Method:  Group Internet based\nField of Study:  Information Technology – Technical\n\nComplaint Policy: \nThe GWDC welcomes your comments\, complaints\, suggestions\, questions\, and other feedback concerning our website information and services. All complaints should be directed to the Associate Director of Registrations at registrations@isaca-gwdc.org. URL:https://isaca-gwdc.org/event/2022-emerging-technology-virtual/ LOCATION:Virtual Event ORGANIZER;CN="Jose Torres":MAILTO:programs@isaca-gwdc.org END:VEVENT END:VCALENDAR