Never Trust, Always Verify: The Zero Trust Approach to Cybersecurity

Presenter: Sushila Nair (Capgemini)

Zero Trust is a cybersecurity model that assumes that all resources and services, both internal and external, are not inherently trustworthy, and therefore require strict access control and continuous verification. It’s a departure from traditional perimeter-based security models, which assume that everything inside the network is safe by default.

This presentation will cover the key principles of Zero Trust, including the principle of never trusting, always verifying, the importance of strong identity and access management, and the need for continuous monitoring and analysis of all network activity. We will also discuss the various components of a Zero Trust architecture and how it differs from traditional security models.

Additionally, the presentation will provide an overview of the steps required to implement a Zero Trust architecture, the benefits of Zero Trust, and how Zero Trust can help organizations meet regulatory and compliance requirements. We will also discuss how auditors can assess the effectiveness of a Zero Trust architecture.

By the end of this presentation, attendees will understand the importance of implementing a Zero Trust architecture and how it can help improve their organization’s cybersecurity posture. They will have a solid understanding of the key principles, architecture, and benefits of Zero Trust, as well as how to implement it and how to assess its effectiveness. Overall, the goal is to provide attendees with the knowledge and tools they need to take the first steps toward a Zero Trust architecture.

Taking an Identity-centric Approach to Zero Trust

Presenter: Christine Owen (Guidehouse)

“Identity is the new perimeter” is being repeated over and over again, because it’s true! A viable Zero Trust Architectures requires a mature, enterprise-wide IAM program so an organization can understand who is accessing its resources. Christine will discuss the different IAM tools necessary, and how they interact together to create the foundation of Zero Trust.

Lunch

Data Governance

Presenter: Cortney Worthy (Zoom) and La-Nay Grant (Cisco)

During this session, Cortney will cover the following topics:

• Understanding the difference between Data Governance, Data Privacy and Data Security and why it matters to your organization.
• Why a Data Governance Framework is Foundational to an Organization’s Data Security Strategy? And what Role does Identify Management play In Data Governance?

Resilience in an Era of Disruption

Presenter: Terry Grafenstine (Citi)

We are living in a world where pandemics, social unrest, cyber-attacks, and geo-political tensions are becoming the norm. To survive in this era of disruption, organizations must shift from a traditional Business Continuity/Disaster Recovery (BCDR) model to Enterprise Resilience. In this session, attendees will learn about:

• Impacts of Disruption
• Regulatory Focus on Resilience
• The differences between BCDR and Enterprise Resilience
• Key considerations in an Enterprise Resilience Model

Crack the Cybersecurity Career Code – CISO’s guide to different career paths in cybersecurity

Presenter: Ruchi Shewaramani (WA Health Benefit Exchange)

Do you aspire to join cybersecurity? Already in cybersecurity and aiming to be a CISO? Did you know you do “not” have to be highly technical to excel in cybersecurity?

In this session, Ruchi Shewaramani will present the various career paths to enter and excel in the highly sought after domain of cybersecurity. She will break some popular myths about cybersecurity. You will hear in depth on the various career opportunities across the fields of Application Security, Identity & Access Management, Cloud Security and Governance, Risk and Compliance.

Panel Discussion

Panelists: Cortney Worthy (Zoom), Sarah Abedin (BreaktheTide), K. Casey Watkins (FTI Consulting, Inc.), and Whitney Singletary

During this session, panelists will discuss the following questions:

• Is the glass ceiling still too short?
• How to better support and mentor women in technology.

Networking Social

Immediately following this event, the GWDC will host a networking event. A separate RSVP is required for the networking event.

Sushila Nair
Vice President – North American Cybersecurity Practice at Capgemini
CISSP, GIAC GSTRT, CISA, CISM, CRISC, CDPSE, CCSK, CCAK

Sushila Nair is Capgemini’s Vice President, North American Cybersecurity practice. Capgemini is a global leader in providing secure digital transformation for our clients. Sushila has most recently served as the Vice President for cybersecurity offers at NTT Data Services and has held the role of a CISO for 10 years. Sushila has over 30 years of experience in computing infrastructure, business and security risk analysis, preventing credit card fraud, and served as a legal expert witness. Sushila has been featured in global technical events including RSA, Segurinfo and ISACA’s global conferences, co-authored books and is regularly quoted in the press. She plays an active role in supporting best practices and skills development within the cybersecurity community through her work with ISACA and CSA.

Sushila is part of the ISACA global emerging trends working group and vice president of ISACA Greater Washington, D.C. Chapter. Sushila Nair was named by IT Security Guru as one of the Most Inspiring Women in Cyber 2022!

Christine Owen
Director at Guidehouse

Christine C. Owen is a recovering attorney who found solace as the Zero Trust Lead at Guidehouse. She is interested in securing people, things, applications, devices, and the cloud taking an identity-centric approach. Christine oversees and manages client engagements to provide enterprise IAM and Zero Trust solutions.

Christine learned IAM principles while consulting for an IAM program that encompassed the entire Federal government. She then moved into a sandbox, teaching First Responders how to secure their systems; her work resulted in the ICAM Educational Series, published on the DHS S&T website. In her downtime, Christine enjoys bourbon, her grumpy Westie, and chatting about IAM with anyone who will listen.

Cortney Worthy
Leader of Data Governance & Compliance at Zoom Video Communications

Cortney Worthy is a passionate Data Governance & Management executive with 14+ years experience. A Mississippi native, Cortney relocated to the DC Metro area after obtaining a degree in Finance from the University of Memphis and started a career in government consulting. She has successfully led the stand up of several Chief Data Offices across multiple government agencies to include the Department of Defense, Department of State, and United States Citizenship and Immigration Services. Cortney currently serves as the Leader of Data Governance & Compliance at Zoom Video Communications where she leads the maturation of data governance capabilities. Cortney’s self-proclaimed super power is her ability to “build relationships of influence to lead organizations to data driven insights with governance as a foundation”. When she’s not working tirelessly to ensure your data is safe and secure, she serves as a Girl Scout Leader mentoring the next female generation of developers, engineers, data scientists, and leaders. You can also find her making her way up the charts on the Peloton leader board!

Ruchi Shewaramani
Chief Information Security Officer at WA Health Benefit Exchange

Ruchi Shewaramani is a cyber security executive with 15+ years of experience in Information Technology Security, Identity and Access Management (IAM), Governance, Risk and Compliance (GRC) across Healthcare, Education and Financial institutions. She holds a Masters in Software Engineering from Seattle U. In the last decade, she has managed the security program for various Health and Human Services Agencies in the District of Columbia (DC) and Washington state and successfully cleared numerous federal audits. She specializes in leading HealthCare agencies to secure their data, be compliant with state/federal partners and provide digital trust to the citizens they serve. She is currently serving as the Chief Information Security Officer for WA Health Benefit Exchange and as a Board member for ISACA Greater Washington DC Chapter.

Terry Grafenstine
Chief Auditor, Technology and Business Services at Citi
CPA, CISSP, CISA, CIA, CRISC, CGEIT, CGAP

Terry Grafenstine was appointed as the Chief Auditor for Technology and Business Services in November 2020. She is responsible for leading the Internal Audit teams covering technology infrastructure, cyber, resilience, platforms and applications within businesses and functions, and global business services. Terry joined Citi in April 2019 as the Chief Auditor of Cyber, Third Party Risk Management, and Business Continuity.

Terry has over 25 years of experience in the internal auditing and information technology profession. Before joining Citi, Terry was a Managing Director in Deloitte’s Risk and Financial Advisory practice where she provided strategic advisory services to Chief Audit Executives across all commercial industries and IT audit, risk, and governance advisory services to first line executives in the defense and national security space. Prior to joining Deloitte, Terry served for eight years as the appointed Inspector General of the U.S. House of Representatives, where she designed, managed, and delivered audit and investigative services, including the annual financial statement audit and a comprehensive cyber assurance program.

Terry has held numerous leadership roles to support the auditing, accounting, and information technology profession, including as ISACA’s Global Chair (2017-2018) and as a member of the AICPA board of directors. She currently serves on both the IIA’s North American and Global Boards of Directors. Terry speaks globally on a wide range of subjects, including cyber security, internal auditing, accounting standards, resilience, leadership, and risk. In 2019, the Institute of Internal Auditors (IIA) recognized Terry as one of the “Top Ten Audit Thought Leaders of the Decade” and inducted Terry into their Hall of Distinguished Audit Practitioners, the highest honor given by the IIA’s North American board for the accomplishments and contributions made by individuals to advance the internal audit profession. She has received numerous awards and accolades, including FedScoop’s “Golden Gov Federal Executive of the Year,” the Greater Washington DC Society of CPAs “Government CPA Leader of the Year”, the NY Metropolitan ISACA Chapter’s “Joseph J Wasserman Cyber and Governance Leader of the Year,” and ISACAs “Common Body of Knowledge” and “Best International Conference Speaker of the Year” awards.

Terry holds a bachelor’s degree in Accounting from Saint Joseph’s University and is a Certified Public Accountant (CPA), Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified In Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), and Certified Government Auditing Professional (CGAP). Terry has been with Citi IA for 4 years, has 29 years of auditor experience and 2 years of non-auditor experience.

Sarah Abedin
Founder and CEO of BreaktheTide
CISA, CGEIT, CRISC, CDPSE

Sarah Ahmad Abedin is the Founder and CEO of BreaktheTide, a 501c(3) nonprofit organization in the United States. BreaktheTide (www.breakthetide.org) provides a fundraising platform for nonprofit organizations to help raise funds for empowering women, children and underprivileged communities. She is a Board member of Sambhali U.S., a nonprofit organization in the United States. Sambhali U.S. is a volunteer organization for Girls and Women Empowerment in Jodhpur, India. Sarah is also a Board member of Gultaz Memorial School and College in Doulatpur, Chattogram, Bangladesh.

Sarah is an Information Technology and Cybersecurity expert by profession with extensive management and leadership experience on a broad range of complex, fast-paced environments in public and private sectors. She started her career as an IT Auditor for the State of Michigan Office of the Auditor General and over the next 30 years she has worked in various capacities for global companies like KPMG, Financial Industry Regulatory Authority (FINRA), NASDAQ Stock Market, IBM and others. Sarah specialized in IT Security, Cybersecurity, Enterprise Governance, Risk, Compliance and Privacy in addition to her audit experience (internal and external). Her expertise is in the US Federal Law (NIST, FISMA, FedRAMP, US Data Privacy law, SOX, HIPAA), COBIT with an emphasis on Strategy, Governance, Risk, Compliance, Security and Privacy.

Sarah has always been passionate to work in the developmental areas for empowering girls and women.  She has been a mentor and a founding Advisory Council Member of ISACA’s SheLeadsTech (2017-1018). She was also the first Bangladeshi American President (2013-2016) of the Greater Washington DC (GWDC) Chapter of ISACA, the largest chapter in the world. She was a Member of Privacy Advisory Group of ISACA (2020-2021) and Governance Committee of ISACA (2019-2020). She was an Expert Reviewer of COBIT 2019 Framework (Introduction & Methodology; Governance & Management Objectives). She started the annual Women in Leadership & Technology conference for GWDC in 2016 and hosed this event every year since 2016 to present.

Sarah was an Adjunct professor at the University of Maryland Global Campus (Fall 2012) and an Advisory Board Member of University of Maryland Global Campus, Graduate School of Management and Technology (Financial Management & Accounting).

Sarah obtained her BBA in Accounting Information Systems from Eastern Michigan University and MBA in Electronic Business from Carey Business School of Johns Hopkins University.

La-Nay Grant
Data Governance Leader, CISCO

La-Nay is a leader within Data Governance and has 15+ years of experience. She began her career as a Congressional Intern then led advanced Data Analytics efforts as a Federal Government employee. She is an Ex-Big Senior Manager that now works for Cisco. In her current role she creates policy and initiatives that ensures her organization is compliant with local and international rules and regulations. As well as moving data operations forward by creating robust and innovative solutions that increase business value. She is a big believer in understanding how users see, process, and execute on data from various angles to best effect change.

La-Nay is a lifelong East of the River Washingtonian. She is a proud HBCU graduate and an active alumni member. She has created and launched mentoring programs focusing on HBCU students and STEM based extracurricular programs for middle school students. She holds a BS in Information Science and Systems from Morgan State University and a MA in Forensic Psychology from Marymount University.

K. Casey Watkins
Head of Global Cybersecurity & Privacy, FTI Consulting, Inc.

For more than 15 years Casey Watkins has served as FTI Consulting’s Head of the Global Cybersecurity & Privacy (GCP) Division based in the Mclean, VA office.

Mr. Watkins is an information security, privacy and risk management professional, executive, researcher and cybersecurity change agent with many years of information technology and business leadership experience. He is responsible for maintaining FTI’s security and privacy standards and keeping the firm’s security and privacy program up to date. He has over 30 years professional experience in Information Technology and Management with experiences in IT Management, Project/Program Management, Network Engineering, Systems development design, analysis and implementation; Information Security and IT Audit for complex multi-national organizations and the Department of Defense having spent a combined total of 24 years active and reserve as an Officer in the United States Army.