Systems Development – From Idea to Release
Journal of Information Assurance, Security, and Protection, November 2019
Jodi Bouvin and Thomas Schaefer
2020 North America CACS
12-14 May 2020 | Baltimore, Maryland
THIS YEAR’S VENUE
Baltimore Convention Center
Palexpo Convention Centre
As the program is developed, we will continue to add information—check back frequently for updates!
39 CPE Hours Available
See What’s Next at North America CACS 2020.
Don’t Miss Your Best Chance to Save on the Top Audit, Control and Security Event in North America—Sign Up Now!
Stay ahead of trends and tools across your professional landscape.
Join us at North America CACS 2020, Tuesday, 12 – Thursday, 14 May in Baltimore, Maryland, and be a part of the top conference for IS audit and security professionals!
Register Early and Save US$400
Use Promo Code: NAC20FAL
See the pricing page for more details.
Here’s what last year’s attendees had to say about North America CACS:
“If you want an event where you will have a wide perspective of cybersecurity, governance, risk, control and audit, this is the place to go.”
“If you’re attending North America CACS, you’re going to get the information you need to develop as a professional, and you’re going to learn from the whole experience what’s on the horizon.”
Continuing Professional Education Credits
To maintain ISACA certifications, certification holders are required to earn 120 CPE credit hours over a three-year period in accordance with ISACA’s continuing professional education (CPE) policy. Attendees can earn up to 39 CPE credits; 18 by attending North America CACS 2020, 14 for the 2-day workshops and 7 for the one-day workshops. ISACA conferences are Group Live and do not require any advanced preparation.
Please note that the session scanners at the Conference do not track CPE credit hours. You will still need to allocate your CPE hours in “My ISACA” following the conference. Certificates of Attendance will be accessible via your MyISACA profile 4-6 weeks after the conference. To view your certificate, log into your account at http://www.isaca.org/MyISACA. Select the “ISACA CPE Records tab” below your dashboard to see your ISACA CPE Certificates.
Your Certificate of Attendance details the maximum number of CPE hours you could have earned by attending this event. CPE policies for each ISACA certification, as well as details on how to report your CPE hours, are available here on ISACA’s website. Reporting can also be done by submitting information on the annual renewal invoice.
What’s in it for you?
Grow Your Network
Enjoy direct access to leaders and fellow professionals, and interaction with our expert speakers in the breakout sessions and innovators and solutions providers in the Expo Hall.
Enhance Your Knowledge
Choose from dynamic, timely topics that help you address challenges and learn innovative solutions. Conference track sessions and workshops will feature topics that are current and timely, subject matter that is cutting edge, a thought-leadership perspective that understands today’s industry challenges and is on the leading edge of new ideas.
What is in it for your organization?
Embrace fresh insights, tools and solutions you can apply immediately in your organization with your choice of 100+ track sessions.
Share your experiences with fellow conference attendees and bring back their tactics, techniques and stories of hard-earned successes to enlighten and energize your team. Add to your professional value and ready your organization’s ability to see and shape what is coming next for the world of information systems, cybersecurity, technology and business.
Who should attend?
North America CACS 2020 brings together experts and practitioners in the areas of audit, security, cybersecurity, compliance, risk, privacy, control and IT, from a wide range of industries, including finance, banking, tech services, government, insurance, medical and more.
North America CACS sessions are for professionals at any point in their career, with three learning levels, hands-on labs, technical and soft-skill training, lectures, panel discussions and more. There is something for everyone at North America CACS.
As the program is developed, we will continue to add information to this page—check back frequently for updates!
First American Women’s Everest Expedition Team Captain, New York Times bestselling author of On the Edge
“Fear is OK, But Complacency Will Kill You”
Alison Levine knows what it’s like to survive (and thrive) in the world’s toughest environments. She served as team captain of the first American Women’s Everest Expedition, scaled the “Seven Summits,” and skied to the North and South Poles—making history along the way. In addition to climbing mountains, she also spent time climbing the corporate ladder in sales, in marketing and then on Wall Street after earning her MBA from Duke University. In her New York Times bestseller, On the Edge: Leadership Lessons from Everest and Other Extreme Environments, Alison asserts that the principles that apply to the world of extreme adventure also apply to demanding business environments. A former adjunct professor at West Point, Alison understands what it takes to lead teams through challenging situations. Her commitment to developing leaders of consequence earned her the Ellis Island Medal of Honor which has been awarded to seven US presidents, numerous world leaders, and two Nobel laureates.
Tracks for 2020
The North America CACS Conference is the premier conference for Audit/Assurance, COBIT®, Compliance, Risk, Security, and Strategy/Governance professionals. This year’s program will include sessions on:
IT Audit & Assurance
Emerging Technology & Techniques
IT Governance, Compliance & COBIT
IT Risk Management
Data Analytics & Information Management
Leadership Development & Career Management
Industry Trends & Insights
2020 Emerging Tech Trends Report
You’ve studied trends within your own industry, but how can you prepare yourself and your business for what’s next in a world of constant disruption? Amy Webb contextualizes emerging trends that matter to IT, Audit, Risk, Control & Security and explains how they fit into a more holistic vision of the future. She will distill and help your organization prioritize which trends to pay attention to, and how to think more exponentially about what’s on the horizon.
Amy Webb, quantitative futurist and bestselling, award-winning author, is a professor of strategic foresight at the NYU Stern School of Business and the Founder of the Future Today Institute. Webb was named to the Thinkers50 Radar list and won the 2017 Thinkers50 Radar Award. Webb is a Fellow in the United States-Japan Leadership Program, a Foresight Fellow in the U.S. Government Accountability Office Center for Strategic Foresight, and was a Visiting Nieman Fellow at Harvard University, where her research received a national Sigma Delta Chi award. She was also a Delegate on the former U.S.-Russia Bilateral Presidential Commission, where she worked on the future of technology, media and international diplomacy. Webb’s research focus is artificial intelligence. She has advised three-star generals and admirals, White House leadership and CEOs of some of the world’s largest companies on their futures. She is the bestselling author of The Signals Are Talking: Why Today’s Fringe Is Tomorrow’s Mainstream (2016) and The Big Nine: How The Tech Titans and Their Thinking Machines Could Warp Humanity (2019), a call-to-arms about the broken nature of artificial intelligence, and the powerful corporations that are turning the human-machine relationship on its head.
ISACA will host a variety of 2- and 1-day workshops immediately before and after the North America CACS Conference in 2020 to help you maximize your time, travel and CPE!
2-day Pre-Conference Workshops (14 CPE)
Sunday, 10 May & Monday, 11 May 2020 – Courses will run 9:00am – 5:00pm both Sunday & Monday
WS1— Cybersecurity Audit Certificate
WS2— Risk Management & Communication
WS3— Cloud Computing Security & Audit
WS4— Penetration Testing Overview
1-Day Post-Conference Workshops (7 CPE)
Thursday 14 May & Friday 15 May 2020 – Courses will run 1:00pm – 5:00pm on Thursday & 9:00am – 12:00pm on Friday.
WS5— Implementing the NIST Cybersecurity Framework Using COBIT 2019
WS6— Robotic Process Automation (RPA) & the Auditor
WS7— Coming Soon
WS8— Coming Soon
Continuing Professional Education Credits
To maintain ISACA certifications, certification holders are required to earn 120 CPE credit hours over a three-year period in accordance with ISACA’s continuing professional education (CPE) policy. Attendees can earn up to 25.5 CPE credits; 18 by attending GRC 2020, and 7.5 by attending one of the pre-conference workshops. ISACA conferences are Group Live and do not require any advanced preparation.
Please note that the session scanners at the Conference do not track CPE credit hours. You will still need to allocate your CPE hours in MyISACA following the conference. Certificates of Attendance will be accessible via your MyISACA profile 4-6 weeks after the conference. To view your certificate, log into your account at http://www.isaca.org/MyISACA. Select the “ISACA CPE Records tab” below your dashboard to see your ISACA CPE Certificates.
Your Certificate of Attendance details the maximum number of CPE hours you could have earned by attending this event. CPE policies for each ISACA certification, as well as details on how to report your CPE hours, are available here on ISACA’s website. Reporting can also be done by submitting information on the annual renewal invoice.
Do you have a topic that you think should be offered at this conference? We want to know! Tell us about it by submitting your idea on Twitter using #GRCConf
Conference Registration Fees
Act quickly to take advantage of early savings.
Full Conference Registration
Register and pay for the full conference before 11:59 PM CT on Friday, 8 May 2020 to receive the standard rate:
Member Price: US$1795 | Non-Member Price: US$1995
Pre- and post-conference workshops are optional and can either be added to your conference registration for an additional fee, or registered for by themselves. Prices for workshops will vary; full information will be posted here once the workshops are announced.
Member Price: Prices vary based on workshop. See individual workshop for details. | Non-Member Price: Prices vary based on workshop. See individual workshop for details.
Onsite Registration Rate
Register and pay for the full conference after Friday, 8 May 2020 and receive the onsite rate:
Member Price: US$1995 | Non-Member Price: US$2195
Cancellation Deadline: Saturday, 11 April 2020
Terms and Conditions
All cancellations must be received by the published deadline to receive a refund of registration fees. A cancellation charge of US $295 will be subtracted from conference refunds; a cancellation charge of US $250 will be subtracted from 2-day workshop refunds; and a cancellation charge of US $125 will be subtracted from 1-day workshop refunds. No refunds can be given after the cancellation deadline above. Attendee substitution is permitted at any time until the conference. If a nonmember is substituting a member, then there will be an additional nonmember fee due.
NOTE: If, for any reason, ISACA must cancel a course or event, liability is limited solely to the registration fees paid. ISACA is not responsible for other expenses incurred, including travel and accommodation fees. For more information regarding administrative policies, please contact ISACA:
ISACA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISACA members and others in the IT audit, control, security and governance community. Neither the presenters nor ISACA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices. All materials used in the preparations on behalf of ISACA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISACA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers.
Please note: unauthorized recording of presentations and workshops in any form is prohibited.
Please note that any attendee requested paperwork or documentation that ISACA needs to provide information or fill out, can take up to 10 business days.
Discounts for the conference are available and detailed below. Please note that discounts cannot be applied retroactively and must be applied at the time of purchase. All discounts are applied to the main conference registration fee and cannot be applied to workshop registrations. Discounts cannot be combined with any other registration discount offerings.
ISACA offers discounts to organizations sending 4 or more employees to a single conference.
ISACA offers a US $350 conference registration discount to government employees.
Academic and Student:
ISACA offers a US $350 conference registration discount to academic institution employees and students. Please note that you must be an ISACA Student Member in order to receive the student discount; additional membership and qualification details can be found here.
Please contact ISACA for more details and eligibility verification on any of the above discounts at +1.847.660.5505 or https://support.isaca.org.
Business casual is appropriate for this and all ISACA conference events.
Not a member of ISACA? Join today!
When you register for the conference as a nonmember, the difference between member and nonmember conference fees can be applied towards ISACA membership. This means you can become a member at the international and chapter level for little to no additional cost; it just depends on your local chapter dues. To take advantage of this great offer, check the box on the registration form. For more information about ISACA membership, visit the website or contact the membership department at email@example.com
NOTE: This offer expires 30 days after completion of the event. Nonmembers pay the nonmember conference fee when registering.
Pay online at https://next.isaca.org/cart
Mail your payment to:
1055 Paysphere Circle
Chicago, IL 60674 USA
Bank Wires—send electronic payments in US dollars to:
Bank of America
135 S. LaSalle St.
Chicago, IL 60603
ISACA Account #22-71578
S.W.I.F.T. code BOFAUS3N
* Please include the attendee’s name on the Advice of Transfer.
Consent for Photos, Audio and Video Recordings Taken at Events or for Marketing Purposes
I agree irrevocably and free of charge that ISACA or any third party who is acting on ISACA’s behalf may create images, videos and/or sound recordings of me (“works”) at the event for marketing purposes. For these purposes, the granting of rights in the works also includes the rights to adapt, reproduce, distribute, perform, making available to the public, broadcast, retransmit or sublicense the works to ISACA’s affiliates. The granting of rights in the works also includes all current and future media, goes beyond the repetition of an event and is not restricted to time or territory.
Registration and Payment Policy
You must be 18 years of age or older to attend this event.
Registration submissions for this conference and any additional workshops are not processed and a seat is not confirmed or reserved until full payment is received. All submissions not paid in full will be placed on a waitlist and priority will be given to paid registrants on a first-come, first-served basis by payment. Space is limited, so it is highly recommended that payment is provided at the time of submission to guarantee a seat within the conference and related events.
Registration rate is determined by the date payment is received by ISACA HQ and current membership status. Please plan accordingly, as it may take 10 or more business days for a wire transfer or mailed check to reach ISACA. Should we receive payment after a registration rate deadline, your account will be adjusted to reflect the current due amount. Entrance to the conference and all related events is contingent upon full payment.
Justify Your Attendance
Click here for a deeper dive into how North America CACS 2020 benefits your enterprise.
Check out quick takes from North America CACS 2019 to review the speakers, education and content you can expect at a CACS conference.
North America CACS 2019 Report
Check out the conference highlights from the North America CACS 2019 conference
Please check back for more highlights about North America CACS!
Welcome to Baltimore!
Baltimore, “city of neighborhoods”
Baltimore’s diverse city landscape makes it the perfect setting for professionals from all different career walks of life to get together in one place for a variety of focused sessions. Explore Baltimore’s Inner Harbor where you can find plenty of dining and entertainment including the National Aquarium, sightseeing boat cruises and delicious seafood, or explore the vibrant restaurants and bars located just beyond the right field wall of Oriole Park at Camden Yards on Eutaw Street! The “city of neighborhoods” has a little something for everybody. Start planning your trip now! Click here to check out all there is to do in Baltimore!
Click here to save with Baltimore’s Show Your Badge Program
Baltimore Convention Center
All conference events take place at The Baltimore Convention Center (BCC), unless explicitly noted in the event schedule. ISACA highly recommends that attendees stay at one of the 3 conference hotels located within walking distance from the BCC – see full hotel details below. Click here for more information on the Baltimore Convention Center
Hilton Baltimore Inner Harbor
401 West Pratt Street
ISACA Group Rate: US$229 + taxes/fees per night, single/double occupancy
Group Room Rate Deadline: 10 April 2020
Cancellations with full refund will be allowed up until 24 hours prior to the arrival date of the reservation.
Baltimore Marriott Inner Harbor Camden Yards
110 South Eutaw Street
ISACA Group Rate: US$209 + taxes/fees per night, single/double occupancy
Group Room Rate Deadline: 17 April 2020
Cancellations with full refund will be allowed up until 72 hours prior to the arrival date of the reservation.
Sheraton Inner Harbor
300 South Charles Street
ISACA Group Rate: US$209 + taxes/fees per night, single/double occupancy
Group Room Rate Deadline: 17 April 2020
Cancellations with full refund will be allowed up until 72 hours prior to the arrival date of the reservation.
ISACA’s Group Room Rate
There are a limited number of rooms available at ISACA’s Group Room Rate and reservations will be handled on a first-come, first-served basis. All reservations made after the deadline or after the room block fills, whichever comes first, are subject to space and rate availability. In order to guarantee hotel reservations, guests will be required to provide a credit card. Please note, the credit card may be charged if the reservation is cancelled after the deadline.
Help Us to Help You!
For the best possible experience, ISACA strongly encourages conference delegates to stay at one of the host hotels listed above. They are the most convenient locations for attendees to be as close as possible to all conference activities at a negotiated price. In addition, every reservation made for those attending the 2020 North America CACS Conference helps ISACA fulfill its commitment to the hotel, in turn allowing ISACA to continue to keep the cost of both conference fees and membership dues as low as possible.
Please note: ISACA will never contact you with guest room promotions offering a better deal. With the advent of discount aggregators or housing “pirates,” if you experience a problem with a “pirate” reservation, ISACA cannot assist you. However, please know that ISACA staff will work with you to resolve issues that may arise if you make your reservation through the ISACA-provided housing registration link.
Baltimore International Airport (BWI)
10 miles/20 minutes from Baltimore Convention Center
Dulles International Airport (IAD)
60 miles/75 minutes from Baltimore Convention Center
Ronald Reagan Washington National Airport (DCA)
42 miles/60 minutes from Baltimore Convention Center
As part of the “Show Your Badge Program,” the following companies are offering discounted rates for conference attendees. Please use the codes listed below to obtain the discount.
Battle’s Transportation Inc.
KD Elite Transportation
Supershuttle Airport – BWI Airport
Senior Cyber Security and Compliance Manager, Rogers, Toronto
Ferris is a Senior Cyber Security and Compliance Manager with Rogers, Toronto. Before Rogers, Ferris worked as Security and Risk Manager at TD Bank for four years. Ferris is an experienced professional with over 20 years of experience specializing in information security governance, IT risk management, project management, compliance, operational risk, and enterprise infrastructure and operations for clients in the telecom, financial services, construction, engineering, and retail industries. Ferris has also performed information security functions for the most significant public and private companies in Canada: Aecon, Symcor and TD Bank. Ferris is an instructor in the Cyber Security Management Program at the University of Toronto. Ferris developed leadership skills through his career, i.e., communicating effectively, thinking strategically and analytically, and solving problems. Ferris holds a Master of Business Administration – MBA-Project Management. Ferris is a Certified Information Systems Security Professional (CISSP). Ferris is a frequent speaker at cybersecurity conferences such as ISACA Canada, CIFI Toronto Conference, CISO forum, data connectors and information security forum in Dublin, Ireland.
Founder and CTO of Fluid Attacks
Rafael is the Founder and CTO of Fluid Attacks. He is responsible for red team operations and product development focused on fast exploitation and vulnerability disclosure. He is a frequent speaker on software development, information security, and entrepreneurship. Rafael was a member of the technical committee responsible for the Colombian homologation of ISO security standards, leader of the first Colombian ISO 27001 certification, and an adjunct lecturer of Operating Systems, Distributed Systems, and TCP/IP Networks.
Co-founder and Vice President of PSC
Tom Arnold is Co-founder and Vice President of PSC, part of NCC Group. Based out of San Jose, California, he heads PSC’s Digital Incident Response and Forensics team and specializes in internal and external security assessments related to US and international standards. He leverages his payments background to evaluate and design security controls and secure systems that accept a variety of traditional and emerging consumer payment technologies. Among his clients are trans-global payment processors; over-the-air and traditional & digital credit card production companies; global telecommunication companies; travel and hospitality companies; and large multi-national retailers. Mr. Arnold has been directly involved in investigating and resolving over 120 cases involving unauthorized access to computer systems that store or process payment card data. He has been the lead investigator on large breaches where environments spanned over 7,000 servers and involved complex threat hunting to find the adversary.
Owner, Cybersecurity Management Consulting Group, LLC
Since his first role in IT in 1993, James has worked in the Information Technology field for companies in both the private and public sectors with opportunities at MCI Worldcom, the State of Georgia, CompuCredit, Global Payments and the American Cancer Society. Prior to his role with the Society, James was the Vice President of Information Protection and Compliance for TransCentra, the largest independent conventional Payments Processor in the US, and he currently is performing CISO duties for International Market Centers, and finishing up the build on his BBQ Shaque.
Senior Level Executive Director
Radhika Bajpai is a Senior Level Executive Director with over 18 years of financial services experience performing financial, operational, compliance and regulatory internal control reviews, risk assessments, analysis and risk mitigation. Radhika has expertise within Risk Management, Control Oversight, Strategic Planning, Regulatory Response, Operational Risk, Project Management, Compliance, Recovery and Resolution, Business Continuity Planning, Sarbanes Oxley (SOX), Risk and Control Self-Assessment (RCSA), SSAE18/SOC1 domains. She is an IT risk and cybersecurity professional with exceptional interpersonal skills and “hands-on” experience in information risk management, incident response, policy development, regulatory compliance and training & awareness program development. Radhika has led an external audit assurance program with responsibility for continuous control monitoring and data analytics in various top tier global financial institutions like Goldman Sachs and Bank of New York Mellon. She has led various projects in designing IT general controls following NIST Cybersecurity, ISACA COBIT and Unified Compliance frameworks including access and entitlement management, change management, technical operations and physical security domains. Radhika has a keen understanding of national and international laws, regulations, policies and ethics related to cybersecurity controls in the financial industry. She has recently completed her second master’s degree in Cybersecurity Risk & Strategy from NYU School of Law and Tandon School of Engineering.
Partner. Co-Chair Privacy & Data Security. Chair Latin America Desk, Frost Brown Todd
Victoria is a member in the Columbus office of Frost Brown Todd, Co-chair of the Privacy and Data Security group, and Chair of the Latin America Desk. She assists clients with compliance of state, federal, and international privacy laws as well as preparing strategies for responding to data breaches and other security incidents. Her experience includes facilitating the resolution of cases involving ransomware, assisting multi-global companies with recovery of losses after a breach, proactively reviewing existing policies for domestic and foreign companies to minimize risk of potential litigation, and developing and assisting clients with the implementation of cybersecurity programs and policies. Victoria also represents U.S. and foreign companies in intellectual property, business, and cross border litigation. Victoria’s fluency in Spanish and her education and work experience in Latin America allow her to help U.S. and foreign companies navigate through transnational disputes and issues of foreign law. Prior to practicing law, Victoria was an industrial engineer in the technology and automotive sectors and a competitive figure skater.
CEO, Smooth Sailing Solutions
Matt Beland is an industry-leading IT and security professional with 25 years of experience in the field. His crew at Smooth Sailing Solutions builds comprehensive privacy and security programs through whole-organization engagement. Matt’s experience has proven that the most successful way to build productive practices and programs is to employ existing resources and capabilities before reaching for shiny new tools.
GDPR Manager, OneTrust
Alex Bermudez serves as Privacy Consulting Manager of the Americas at OneTrust – the #1 most widely used privacy, security and third-party risk technology platform. In his role, Bermudez leads OneTrust’s team of Solution Consultants across the Americas, working with emerging and enterprise companies on data protection regulation solution implementations, focused on building and scaling global privacy programs. Bermudez has presented on a variety of privacy and security topics, providing deep insight into regulatory issues and practical approaches to compliance. Additionally, he helps facilitate OneTrust’s PrivacyConnect workshops across North America. Prior to OneTrust, Bermudez spent several years at a leading Healthcare Information Technology services organization where he gained valuable experience working with national healthcare providers to implement HIPAA-compliant workflow solutions. Bermudez is a Certified Information Privacy Professional (CIPP/E, CIPM) and holds a B.S. from the University of South Carolina.
Sr. IT Security Risk Analyst, Guidewire Software
Having a background formed by all 3 lines of defense across 5 market industries, Clint brings a decade of experience to the field as a Security Practitioner and Ambassador. While some like to talk about security, others like to dig in and solve problems, asking “how does it work?” and “what’s next?”. New technology and new forms of old technology beg us to think forward and be more ingenuitive thinkers and problem solvers. Come join the discussion for building a better tomorrow for our lives and organizations.
Director of Operations, Coordinated Response
Starting his career in 1975, Mr. Bothe possesses forty years of experience in the information technology field, with the last twenty focused in information security. His experiences encompass a wide range of disciplines, ranging from the development of information security strategies and programs to architecting and managing the deployment of information security technology. Working nearly exclusively in the private sector, Mr. Bothe’s clients have included organizations in the communications, healthcare, banking, insurance, technology, retail and manufacturing sectors.
Founder of Verracy
Mary Breslin is the Founder of Verracy and specializes in Internal Audit transformations, Operational and Financial Auditing, Fraud Auditing & Investigations, and Corporate Accounting. Ms. Breslin’s career spans over 20 years in Internal Auditing, Management and Accounting for companies such as ConocoPhillips, Barclays Capital, Costco Wholesale, and Boart Longyear. With significant International experience, she has managed audit programs in more than 50 countries. Most recently, Ms. Breslin held the title of Vice President and Chief Audit Executive where she transformed a checklist audit function into a value-add audit department delivering measurable business results. Mary was an early adopter of analytics and has been utilizing data analytics in her career in both audit and fraud work for over 15 years. Through her expertise, she has helped large global organizations leverage analytics to increase coverage, automate continuous auditing and monitoring, and actively fight fraud. Additionally, Ms. Breslin has conducted major fraud investigations on multiple continents including large scale federal cases. Ms. Breslin attended Rutgers University and received an MBA from the University of Phoenix while living and working overseas. She is a member of the Institute of Internal Auditors (IIA), American Institute of Certified Public Accountants (AICPA), ISACA, the Society of Corporate Compliance (SCCE), and the Association of Certified Fraud Examiners (ACFE) and is currently an instructor and conference speaker for the IIA, The ACFE and ISACA.
Manager Supplier Quality IS Services, Philip Morris International
Jakub Bryl is an IT manager with vast experience in the IT governance, IT quality and IT security fields. Throughout his career, Jakub has held various consultancy, audit and managerial roles, including IT/IS Auditor, ITCP Test Manager, SAP Infrastructure Test Manager, QA Team Manager, GRC Manager, IT Architecture Standards Manager. He has worked both as an individual contributor and as a leader of large (over 45 individuals) teams. Jakub has been a speaker at several software quality and software security conferences and seminars. He has published both in academic and industry journals. He holds multiple professional designations, including CISM, CISA, ISO 27001 Lead Auditor, ITIL Expert and ISTQB.
Consulting Partner, RSM
Jamie is a consulting partner with over 17 years of experience, with over seven years working in a Big Four global consulting firm. She is experienced in enhancing the reliability of processes and systems to better manage and control risk within the business enterprise. Her primary responsibilities are to provide consulting services focusing on clients’ business and information technology needs, including strategy, compliance, risk management and audit services. Jamie’s background includes exposure to identification and evaluation of key risks and controls, including compliance with regulatory guidelines.
Senior Cyber Security Engineer, Keno Kozie Associates
Christopher is a Senior Cyber Security Engineer and Diversity and Inclusion advocate from Chicago, IL. When not spending time defending networks, they can be found advocating for various minority communities, mentoring coworkers and those aspiring in IT, speaking on various topics, and blogging on syntaxbearror.io.
Data Economist, Monitaur
Andrew Clark is a Data Economist at BlockScience, an engineering, research and development, and analytics firm focused on the design and analysis of complex networks. At BlockScience Andrew creates ecosystem economic design specifications by simulating the designed ecosystem using Python-based methods. Employing mathematical engineering technologies, he creates novel solutions by utilizing time-tested systems engineering practices to solve business problems. Andrew is co-founder and Chief Technology Officer of a machine learning assurance company called Monitaur. Monitaur solves a key problem that has been preventing widespread machine learning adoption: the lack of a holistic approach to machine learning risk management. Monitaur has created a risk management and regulator friendly ‘SIEM’ system that records all model predictions with an understandable description of why a transaction has occurred. Andrew received a B.S. in Business Administration with a concentration in Accounting, Summa Cum Laude, from the University of Tennessee at Chattanooga, an M.S. in Data Science from Southern Methodist University, and is a Ph.D. student in Economics at the University of Reading. He also holds the Certified Analytics Professional, American Statistical Association Graduate Statistician, and AWS Certified Solutions Architect – Associate certifications. An avid conference speaker, Andrew has appeared as a speaker at numerous conferences presenting on open source audit analytics, machine learning, and emerging technologies.
CEO, BNY Mellon Bank
Information Security Professional: PCI-QSA, CISA, CISM, CGEIT, CRISC, CPA. Relevant experience in payment solutions: Mellon Financial Services New Jersey – Audit Director: Responsible for managing operational and information technology audit function for Buck Consulting, Buck International, HR Total Benefits Outsourcing and managing IT Audits for Dreyfus, and Mellon Investor Services. Scoped and managed all financial, operational and IT audits using both COSO and COBIT methodologies.
Director – Global IT Audit, IHS Markit
Prescott has done work from every “column.” In addition to internal auditing, he was a production floor manager, ran treasury and investments for Colorado’s third-largest city, and guided universities in the U.S. and Canada to develop effective brand marketing programs. In auditing, he served on the global audit leadership team of one of the UK’s largest insurance companies and worked to build world-wide consistency from their London headquarters. He built their U.S. IT Audit practice and created a team that consulted on new projects and initiatives. In 2009, he became the first Chief Internal Auditor for Denver Water, the most significant water utility in the western U.S., and over a 10-year period, helped it dramatically transform its operating and control environment. It was at Denver Water, while immersed in the organization’s uncompromising and highly successful “Lean journey,” that Active Auditing was born. Prescott is now the global IT Audit Director at IHS Markit, where he is starting to implement many of the tools and techniques from Active Auditing.
Deputy Chief Information Security Officer, State of Idaho
Prior to June 2019, Diego was the State of Idaho’s Deputy Chief Information Security Officer and did more than set state-wide policy and direction to protect information system assets. Using his more than 7 years of IT Auditing and Performance Improvement experience within his 25-year IT career, he’s determined to apply and combine his unique education and experience in cybersecurity to simplify the implementation of major control frameworks such as NIST SP 800-53. Diego and a team of state agency personnel developed the State of Idaho’s first state-wide Incident Response capability based on best practices. Diego is married to his best friend Dina and has three children all over 18 years of age. Diego is a U.S. Coast Guard veteran and loves to go out for a ride on his Harley when he can get the chance.
Manager, Charles Schwab
Graduated from the University of Utah with a master’s degree in accounting. Worked in the Advisory IT Audit practice at Ernst & Young for about 3 years focusing on integrated financial audits and SOC reporting. Currently (4+ years) an IT Audit team manager at Charles Schwab focusing on SOX and ICOC compliance audits. Is a CPA and CISA.
CISO, Cybersecurity Leadership Author, CISO Spotlight, LLC
Todd Fitzgerald has built and led Fortune 500/large company information security programs for 20 years. He was named 2016–17 Chicago CISO of the Year, ranked Top 50 Information Security Executive, authored 4 books (CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers (2019), Information Security Governance Simplified: From the Boardroom to the Keyboard, ground-breaking CISO Leadership: Essential Principles for Success, E-C Council Certified Chief Information Security Officer Body of Knowledge), and contributed to a dozen others. Todd held senior leadership positions at Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, WellPoint (Anthem) Blue Cross Blue Shield/ National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.
Chief Analyst & CEO, Foote Partners, LLC
David Foote is co-founder and chief analyst at Foote Partners, headquartered in Vero Beach, Florida. A tech labor trends benchmark research pioneer and one of the most quoted industry authorities on global technology workforce evolution, he has spent more than two decades introducing groundbreaking data-driven benchmark research techniques and innovating industry practices for more accurate tech compensation benchmarking and tracking/forecasting of tech skills supply and demand. He built his reputation at Gartner and several Silicon Valley companies prior to co-founding Foote Partners in 1997. There he leads a senior team of analysts, consultants and researchers in publishing continuously updated quantitative and empirical tech labor research supported by close research partnerships with 5,470 employers in the United States, Canada, and Europe.
Deputy District Attorney, Los Angeles District Attorney’s Office
Benny is a veteran criminal prosecutor with experience prosecuting cases ranging from narcotics offenses to gang murders to complex white-collar crime. Currently, as a member of the prestigious Cyber Crime Unit, his job focuses on complex technologically based crimes and sex crimes, including child pornography, solicitations of minors and other cyber-sex crimes. Benny is also a Lecturer in USC’s Viterbi School of Engineering, teaching Cyber & Privacy Law to undergraduate students. The course is geared toward helping forensic professionals identify potential privacy pitfalls, as well as assisting pre-law students in understanding legal issues. Additionally, Benny is an internationally recognized and experienced lecturer, lecturing on matters pertaining to being a District Attorney. Topics he has lectured on include: criminal justice, criminal procedure, privacy concerns, constitutional issues, sex crimes, complex fraud and white-collar offenses.
IT Specialist, Inter-American Development Bank
Egdares Futch works as an IT Security Specialist in charge of Information Security – Access Management at the Inter-American Development Bank in Washington, DC. He was previously Regional Solutions Architect, Cloud IT and Disaster Recovery for Cable & Wireless Business Solutions in Central America, Colombia, and the Caribbean region. Strong background in IT governance in the financial sector, overseeing IT strategy and service delivery for a regional development bank in the Central American region. Named CIO of the Year (2008) by IT Now Magazine, primarily for leading the Business Continuity and Core Banking system renewal projects. Speaker for various international conferences in Colombia, Mexico, Guatemala, Honduras, and Costa Rica, as well as the TEDx conference in Tegucigalpa, Honduras. He has taught for more than 25 years as Computer Science professor at universities in Guatemala and Honduras.
Software Development Lead, Chevron
I graduated as an IT Engineer in 2008 from UAI University of Buenos Aires. I have been working for 15+ years in software development in several technologies, from MS .Net to Java and hybrid frameworks like Cordova and Ionic, for desktop, web-based and mobile devices. I developed software for several industries like automotive, health, and oil and gas. I am currently leading a team of developers at Chevron Houston headquarters and creating mobile and web-based platforms for field workflow enablement.
Executive Vice President, Center for Internet Security
Reg Harnish is a serial entrepreneur, nationally-recognized speaker, author and an Executive Vice President at the Center for Internet Security. Reg is also a founder of GreyCastle Security, the cybersecurity industry’s leading provider of risk, compliance, certification and privacy services. Reg has been practicing cybersecurity for nearly two decades. His experiences, skills and perspectives have established him as a highly-respected thought-leader. Reg is regularly featured in Time Magazine, Forbes, The Washington Post, CBS Nightly News, CIO Magazine, Dark Reading, Software Magazine, ComputerWorld, InfoWorld and countless other media outlets. Reg is a nationally-recognized speaker and has presented at countless industry and security conferences. His thoughtful and sometimes provocative perspectives on leadership and cybersecurity have made him a highly sought-after keynote speaker.
Guy Herbert, CISA
Risk Futurist, Atlassian
Guy has over 25 years working in Risk, IT and Technology across the Finance, Telecommunications, Pharmaceutical and Software industries. He has managed risk, compliance, audit and technical delivery teams during this time. Guy has been thinking of better ways for Atlassian to manage IT Risk and Compliance since Sept 2013. Atlassian is an Australian company started 17 years ago that builds software to help teams work better together – products include Jira, Confluence, Bitbucket, Trello, Statuspage and Opsgenie.
Risk Assurance Director, RSM
Bob is a Director with over 23 years of experience assessing, designing, and implementing internal control and process improvement solutions. As the leader of RSM’s Risk Consulting Intelligent and Robotics Process Automation practice, Bob is tasked with helping both RSM and our clients become more “digital” as it relates to the assessment and performance of internal controls. Bob has been trained on Automation Anywhere, UiPath, Virtual Operations VOLT RPA implementation methodology and is familiar with other automation tools and techniques. To date, Bob has led the design and implementation of 50+ “bots” primarily in the areas of controls performance and controls validation to help improve and automate repetitive tasks performed by the 1st, 2nd and 3rd lines of defense. He also has experience in most industries including industrial products, retail and consumer, banking, pharmaceutical, energy, and high tech. Bob has spoken at multiple conferences and training sessions on the topic of SAP security and controls, project assurance and intelligent and robotics process automation.
CEO, CISO, Cyber Services
Visionary Chief Information Security Officer (CISO), virtual CISO, and cybersecurity expert. Experienced Enterprise Architect and Business Intelligence implementation expert. Business Management Leader with a diverse background in information systems development and integration, hardware/software engineering, management consulting, and project management. Experienced in government and commercial sectors including pharmaceuticals, finance, defense, healthcare, manufacturing, telecommunications, and academia.
Oversight Audit and Compliance Lead Specialist, Inter-American Development Bank
MBA, CISA, CIA, CRMA, CCSA, PMP. Audit professional with 17 years’ experience reviewing business processes, information systems, and applying data analytics techniques. Since 2010, Luis has worked in the Internal Audit Department of the Inter-American Development Bank (IDB), where he orchestrated and led the Data Analytics Strategy improving internal audits’ efficiency and effectiveness, innovating products and services, and expanding the audit coverage. Prior to joining the IDB, Luis was a Business and Processes Improvement Manager at PricewaterhouseCoopers (PwC), where he led audit and consulting projects in multinational organizations. Luis is a System Engineer with a master’s in business administration.
Director, Technology Audit, Adobe
Vishal is a Director at Adobe and leads the Global Technology Assurance & Advisory function. Vishal has over 14 years of professional experience leading and delivering on Risk Management, Technology Audits and Cybersecurity related initiatives. Graduate of RMIT University, Melbourne with CISA, CISSP and CCSK certifications. He has been a contributor to frameworks and articles related to Security Assurance & Compliance, along with presenter at conferences like RSA
Director, Global Risk & Compliance, Cott Corporation
Leslie Larson joined Cott Corporation in Tampa, FL in 2008. Cott is a leading North American and European water, coffee and coffee extracts, tea and filtration solutions service company. She works in the Internal Audit group as Director, Global Risk and Compliance. Her primary responsibility is to ensure that the companies Cott owns or acquires fulfill internal and external requirements in the areas of risk management, including enterprise risk, fraud risk, and cybersecurity risk, and compliance activities, including ethics, compliance training, SOX, PCI, data privacy, and corporate policy compliance. In 2018 she was a key member of the preparedness taskforce for implementation of the General Data Protection Regulation (GDPR) for Cott’s European business units. Current areas of focus are the California Consumer Privacy Act, implementation of a global ethics and compliance training program, development of a fraud risk framework, and rollout of a global Anti-Bribery and Corruption and Anti-Money Laundering Policy. Leslie is a CIA, CISA, and CFE. She spends much of her time traveling the world to visit all of Cott’s business units.
Director, All Alumni Events LLC
Lena Licata is a Director specializing in Process, Risk, and Technology Solutions (PRTS), with more than 15 years of experience that includes public accounting and private industry. She assists clients primarily in the financial services, pharmaceutical and energy industries, providing a host of IT audit and risk services. Lena helps ensure controls are working properly and business process documentation is current, through annual risk assessment and internal control testing. She identifies and evaluates control deficiencies and designs remediation efforts for the short and long term. In addition, she performs various services related to business process improvement and financial compliance projects. Prior to joining EisnerAmper, Lena was an information risk and security consultant. Her previous experience also includes serving in the pharmaceutical industry as an IT Internal Audit Senior Manager as well as a Manager in Information Technology Advisory Services at EY, where she was involved with identity and access management remediation, vendor risk management projects and internal audit co-sourcing engagements.
Audit Director, Nationwide Insurance
Clarissa Lucas is an IT Audit Director for Nationwide Insurance in Columbus, OH. She has been with Nationwide for seven years, holding roles in Internal Audit, Enterprise Risk Management, and Corporate Compliance. Prior to joining Nationwide, Clarissa worked in Audit and Compliance at Huntington Bancshares and the Bank of New York Mellon. She is a Certified Internal Auditor and a Certified Investments and Derivatives Auditor.
Data Center Infrastructure Administrator, Intermountain Healthcare
Carbon Lundgren, CISA, brings a unique perspective to securing IT assets that carry your data. With a background of 50 years in physical security, his career has now taken him to the position of lead security specialist for a world-renowned health care company with over 600 data areas to secure. Carbon has been heard to say, “I have a criminal mind.” Using the criminal mindset, Carbon has developed a best practices protocol that is becoming widely accepted by industry and governments. Some of the skills Carbon has learned are lock picking and those of a professional safe-cracker. These skills directly relate to establishing physical barriers that will prevent hackers and terrorists from beginning their attacks inside the firewall. Carbon’s knowledge directly relates to several areas of COBIT: Appendix A: Mapping Pain Points to COBIT Processes and NIST: Table D-1: Mapping Access Control Requirements to Security Controls.
Mark Lundin is an audit and consulting partner with 20 years of audit, risk management and compliance experience focused on online, cloud and highly regulated businesses. He is currently cloud, security and privacy assurance partner at BDO. He previously built and led a cloud and security assurance practice for KPMG and he has worked with many top tier cloud and rapid growth technology companies to help them address security, privacy, risk management and compliance challenges. His certifications include CISSP, CIPP, CISA and CPA. He has led and served on various ISO, AICPA and industry standards committees focused on security.
Director, Security and Privacy, RSM US LLP
Alain provides security and privacy consulting to clients in a broad spectrum of domains, including privacy governance, security assessments, risk management, penetration testing, compliance frameworks and strategic advisory services. He serves as national lead for Data Privacy consulting services, supporting client teams with a wide range of compliance program matters for GDPR, CCPA, and other privacy regulations. He has also led large-scale engagements to design and develop the security programs for some of the country’s largest corporations, developing cost-effective security program road maps that demonstrably improve the organization’s maturity. He has also led major litigation support security engagements following some of the most visible data security breaches, supporting legal counsel with comprehensive assessments leading to dismissal of class and regulatory actions. He focuses primarily on retail, health care and financial organizations. Alain has 30 years of experience in a wide array of information systems, information security, and data privacy disciplines. Alain leads RSM’s security and privacy risk consulting practice in New England and RSM US’s data privacy service offerings nationally. He is a frequent presenter at a variety of industry organizations, panels and webcasts, as well as a frequent contributor to various publications.
Director, Digital Modernization, Sage IT Inc
As the Principal Architect for the Digital Modernization GTM Practice, Manish is the leader for the organization covering digital and data technology. He is focused on solving business problems through appropriate application of technology. He has over 13 years of experience in designing and building implementations that allow for business agility and future scalability needs. Manish is well versed with Enterprise Integration Patterns, Microservices, Micropatterns, Cloud, DevOps Automation and CI/CD. As a TOGAF certified architect, Manish is recognized in industry as a thought leader and is a member of the Forbes Technology Council. He has published numerous articles on topics including Data Virtualization, Event-driven Microservices, and Digital Transformation.
Senior Security Consultant, Coordinated Response
Jim Meyer, CRISC, CISM, is an Information Security Consultant with over 4 decades of experience in the information technology field. Jim has extensive experience with software engineering and product management working on everything from database applications to document management and business process management solutions. In the past 10 years Jim’s security focus has grown from application and database security to information security and cyber response. Jim Meyer earned a B.A. in Mathematics from Tufts University and an M.P.S. in Cybersecurity from University of Maryland Baltimore County.
Steven Minsky is the CEO of LogicManager and the author of the popular RIMS Risk Maturity Model framework and assessment tool. Steven has presented both strategic and tactical sessions at a variety of conferences, including ISACA’s 2018 & 2019 North America CACS Conference, the IIA’s All Star Conference, the IIA & ISACA’s GRC Conference, American Bankers Association’s Risk Management Conference, the RIMS Annual and ERM Conferences, and the Risk Management Association (RMA)’s GCOR series. He has led educational webinars on a variety of risk-based topics for groups like OCEG, RIMS, PCIAA, and hosted board-level training sessions for many LogicManager customers. Steven is also a patent author of risk and process management technology and holds MBA and MA degrees from the University of Pennsylvania’s Wharton School of Business and The Joseph H. Lauder Institute of International Management.
Director, IT Audit, UT Health Science Center at San Antonio, CISSP, CISA, GSNA, OCP
Robert Morgan (CISSP, CISA, GSNA, OCP) is the Director of IT Audit at the University of Texas Health Science Center at San Antonio. Over the last 20 years, Robert has held a variety of senior operations, security architecture, and internal audit roles within both US state and federal organizations as well as private banking and cloud computing companies.
Audit Director, Nationwide Insurance
Steve has over 20 years of Audit and Risk Management experience. Currently a Director in Nationwide’s Internal Audit Department, Steve is responsible for leading teams and navigating through a variety of complex Audit engagements and working with various business units and other lines of defense. After starting his career at PwC, Steve has been at Nationwide for 17 years, progressing through a variety of Internal Audit and Compliance roles. Steve holds the CISA, CPA, and PMP certifications.
Sr Mgr, Internal Controls, Charles Schwab
Graduated from the University of Illinois with bachelor’s degrees in accounting and finance. Worked in the Advisory IT Audit practice at Ernst & Young for 3.5 years focusing on integrated financial audits and SOC reporting. Spent the past 4.5 years redeveloping Charles Schwab’s IT and business process audit strategies for the SOX and ICOC compliance audits. Is a CPA and CISA.
Andrew Neal, CISM, CRISC
President, Information Security and Compliance, TransPerfect
Andrew Neal is an executive and practitioner in the information security community. Advising on data privacy, security and litigation projects for internal and external clients around the globe, he serves as a trusted subject matter expert for business leaders and legal professionals. Andrew leverages 30 years of business, technical and risk management experience to build programs, lead teams and execute projects internally at TransPerfect and across a wide range of client organizations. An effective communicator and engaging speaker, Andrew presents at international conferences and seminars, and teaches at major universities. He is active in several professional organizations, focusing his efforts on the development of professional standards and the mentorship of other professionals. Living in Dallas, Texas, Andrew currently leads the Information Security and Compliance Services division at TransPerfect, a global business services company.
CISO, InfoSecurity Master Consulting
Brett has been in information security for over 20 years. Brett has been tasked to a number of roles from firewall engineering to ISSO and beyond, including managing the security program for several systems in development. Most of this experience is within US Government or Military, but also beyond. Brett has utilized a number of security frameworks including HIPAA, FISMA, PCI DSS and others. Brett has covered systems from small and low security up to highly complex and nationally essential.
Sr Director of Information Security, Health Care Service Corporation, CRMA, CISA, CGEIT, CRISC
ISACA Board Director Pam Nigro, CRMA, CISA, CGEIT, CRISC, is the Sr Director of Information Security focusing on the GRC practice at Health Care Service Corporation (HCSC), the fourth largest health insurance company, where she is responsible for information technology/information security risk and compliance testing. Successively, she inaugurated an automated IT and cybersecurity controls/testing/analytics program for Agile/DevSecOps, and designed compliance checks in a digital chain of custody for transparency of code movement through the release pipeline to enable compliant code release velocity for the five Blue Cross Blue Shield Plans (Illinois, Texas, New Mexico, Oklahoma, and Montana) which comprise HCSC. Prior to HCSC, Nigro joined the Systems and Process Assurance (SPA) practice at PwC where she served both audit and non-audit clients. She is a recognized subject matter expert in HIPAA, HITRUST, SOC 1, SOC 2, Sarbanes-Oxley (NAIC-MAR), and IT/cybersecurity controls and risk assessments. Nigro is also an adjunct professor at Lewis University in Illinois, USA, where she teaches graduate-level courses on information security, ethics, risk, IT governance and compliance, and management of information systems in the MSIS and MBA programs. At ISACA, Nigro held various board positions for the Chicago Chapter, including chapter president, and is chair of the ISACA Chicago Women’s Forum (SheLeadsTech). She is a frequent trainer for ISACA at both the chapter and international levels. She also served on the ISACA International Chapter Services Working Group. Nigro received her MBA from Stuart School of Business at Illinois Institute of Technology in Chicago, Illinois. She has more than 25 years of experience in the information technology industry and holds numerous IT certifications. Nigro is also a member of Toastmasters International and has held numerous Toastmasters leadership positions, culminating in her achievement of her “Distinguished Toastmaster” award.
She is a frequent speaker at industry conferences such as ISACA’s CACS and CSX events, ISACA and The IIA’s Governance, Risk and Control (GRC) Conference, IIA’s All-Stars Conference, and local ISACA and IIA chapter meetings.
Uday Ali Pabrai
Ali Pabrai is a renowned, globally recognized, cybersecurity expert and member of Infragard (FBI). He is a top-rated dynamic speaker. Mr. Pabrai is the chief executive of ecfirst, a compliance and cybersecurity company. ecfirst is an Authorized HITRUST CSF Assessor. Ali served on the HITRUST Assessor Council. Mr. Pabrai is the author of several published works. He is a member of the FBI InfraGard and has served numerous U.S. government agencies in several engagements.
OVSGT Audit & Compliance SR Specialist, Inter-American Development
Fabrizio Papi has more than ten years of experience in providing assurance and advisory services across international multilateral organizations. Fabrizio’s expertise includes IT and process auditing, cybersecurity, and data analytics. He’s passionate about emerging business technologies and promoting awareness on the topic. Fabrizio is a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Internal Auditor (CIA), Project Management Professional (PMP), Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI), and holds an MBA from the University of the Potomac.
Senior Manager – IT Assurance, Crowe LLP
Ben is a Senior Manager within the IT Audit Practice at Crowe LLP. He resides in Indianapolis, IN and is an active CPA and holds his CISA certification. With over 9 years of public accounting experience, his team specializes in SOC Examinations, Financial Statement Audits, HITRUST, PCI and Cybersecurity Assessment services. Outside of work, Ben enjoys travelling with his wife Brittany, staying active, and serving as a director and finance committee member of the Central Indiana ISACA Chapter.
Paul Phillips, CISA, CISM, MBA
Technical Research Manager, ISACA
Paul Phillips holds a bachelor’s degree in Accounting and an MBA with concentration in both Management and MIS. He also holds a Doctorate in Divinity from the Hope Seminary and Bible Institute. He is a Certified Information Systems Auditor and a Certified Information Security Manager. He has worked in corporate America in various capacities for 33 years. He has also worked as a part-time professor for several universities and other various institutions of higher learning for 17 years.
Dir IT Risk and Information Security, Third Party Security, American Express
Ely Pinto has over 20 years of experience in technology leadership and cybersecurity management in the financial industry. He currently serves as Dir of IT Risk and Information Security, Third Party Security for American Express. Prior to American Express, he served as the CISO for Bank Leumi USA and has held various positions in Information Security, software development, and Unix engineering. Additionally, Ely is a contributing author of technical security guidelines published by the Center for Internet Security.
Senior Manager, Advisory Services, EY
Michael is a Senior Manager in the Advisory Services practice of Ernst & Young LLP (EY). He has considerable experience in leading and managing cross-functional cybersecurity, risk transformation, and technology risk teams that deliver exceptional client service. While at EY, Michael has focused on managing and delivering high-quality IT audit, attestation, and advisory services, while also recognizing that EY’s commitment to service quality extends to bringing relevant insights and industry experiences. Additionally, he has been recognized by his peers and teams as an outstanding mentor, coach, and instructor. Prior to EY, he has 15 years of experience that spans across various organizations and roles in Internal Audit and Information Technology. In addition to his role as a senior manager, he is the immediate past president of the Chicago chapter of ISACA where he serves as an advisor to the current president and other board members as well as assisting in organizing events, chairing special committees, or researching responses to questions from the board. Besides his role as the immediate past president, he is an instructor for the CISA, CISM, and CRISC certification review courses. In addition to ISACA, he is a former Chicago KnowledgeNet co-chair for the International Association of Privacy Professionals.
CEO, Securely Yours LLC
Sajay Rai has more than 30 years of experience in information technology, specializing in cyber security, privacy, network architecture, business continuity, disaster recovery, IT audit and information risk. Mr. Rai is the Founder and CEO of Securely Yours LLC. Prior to starting Securely Yours LLC, Mr. Rai was a Cyber Security and Risk Partner with Ernst & Young LLP for 10 years. Mr. Rai also worked with IBM for 13 years, most recently serving as an executive of the national Business Continuity and Contingency consulting practice. He was instrumental in starting the company’s Information Security consulting practice. Mr. Rai co-authored three books titled “Security and Auditing of Smart Devices”, “Sawyer’s Internal Audit Handbook 6th Edition” and “Defending the Digital Frontier – A Security Agenda”. Mr. Rai serves on the board of ISACA’s Detroit Chapter and is the current President of IIA’s Detroit Chapter. He is also on the board of Society of Information Management’s Detroit Chapter. Mr. Rai is an adjunct professor at Oakland University and Walsh College. He is on the advisory board of Walsh College’s Accountancy Department.
Gideon T. Rasmussen
Consulting Principal, Virtual CSO, LLC
Gideon Rasmussen is an Information Security Consultant with 20 years of experience in corporate and military organizations. Gideon has designed and led programs including Information Security (as a CISO), PCI – Payment Card Security, Supplier Assessment, Application Security and Information Risk Management. Gideon has authored over 30 information security articles. He is a veteran of the United States Air Force, a graduate of the FBI Citizens Academy and a recipient of the Microsoft Most Valuable Professional award. Gideon has also completed the Bataan Memorial Death March (4 occurrences).
Robert LaMagna-Reiter is a leading, trusted Information Security expert. As the CISO for FNTS, Robert leads the information security program through risk management; strategy; architecture and engineering; regulatory compliance and IT governance; and adherence to policies. Leveraging 14+ years of expertise, Robert is also a strategic advisor, helping others to understand the value and return-on-risk to their enterprise through proper security strategy. He holds a number of industry certifications including: CISSP, CISM, CHP, PCIP & Security+. Robert’s past experience includes leadership roles in information security for transportation, government communications, retail, e-commerce and managed services industries. He holds an MBA and a Bachelor of Science degree in Management Information Systems from the University of Nebraska at Omaha.
Paul Ristvedt, CPA, CISA, MAcc, has worked in compliance and audit for 15 years. Currently, I lead our IT SOX compliance among other responsibilities at Medtronic. My career began in PwC when SOX was being implemented and legislated. I have also worked at Patterson Dental (dental equipment wholesale), Nash Finch (food distributor) and more recently General Mills (food manufacturer). Outside of work, I enjoy participating or volunteering for Junior Achievement, Big Brother Big Sister, Habitat for Humanity, Toastmasters, Minnesota Data Analytics, and Feed My Starving Children.
Managing Director, Grant Thornton LLP
Sudhakar is an experienced leader with wide-ranging global experience in helping organizations and risk leaders plan and execute on their digital and cyber risk goals and strategies. His experience has been shaped by helping clients stand up defensible, resilient and trustworthy cybersecurity and IT risk management solutions and articulating the value of cyber investments. Sudhakar’s leadership in cyber risk advisory spans more than 14 years, with a track record for excellence serving clients with nimble and practical cybersecurity and IT risk management solutions and growing business through standing up new service capabilities and scaling up existing capabilities.
Partner, RSM US LLP
Scott has over 28 years of professional experience in internal and external auditing, consulting, information technology management, business process improvement, and internal controls across a wide variety of clients in industries including manufacturing, consumer products, financial services, nonprofits, and other commercial entities. He also has experience providing leadership in the areas of internal audit, SAP and other ERP systems risks and controls, information technology controls, continuous audit, data analytics, information technology security, enterprise risk management, and corporate governance. Prior to joining RSM, Scott worked for a major consumer packaged goods food manufacturer, where he was a finance director in internal audit and most recently the finance director of global marketing. Before that, he was a senior manager for a Big Four accounting firm specializing in enterprise risk services including external audit, internal audit, SOX advisory and information technology internal controls. Scott has led teams across a wide variety of industries and for organizations of various sizes and served as the primary account executive for three large internal audit clients and two large public SEC manufacturing clients, running SOX, financial, operational and IT audits.
Director, Information Security Education & Consulting, Harvard University
Sandy Silk is the Director of Information Security Education and Consulting at Harvard University, Founder of Cyber Risk and Resilience Consulting, and a member of the Board of Advisors for the MS in Information Security Leadership at Brandeis University. She excels at bringing together executive leaders, business teams, and IT professionals to align cyber risk management with strategic priorities and culture, risk tolerance levels, and positive customer experience. Sandy is also involved in several WIT organizations and programs. Her prior information security career included positions with Fidelity Investments, Bose Corporation, and Wellington Management Company.
IT Audit Manager, McDonald’s Corporation
Audit leader with 19 years of technology and audit experience. Currently, technology and digital audit manager focused on addressing operational, compliance, security, and technology risks by conducting audits, utilizing data, and partnering with management. Audit focus areas include cybersecurity, privacy, cloud, data analytics, and fraud.
President, Escoute, LLC
As an internationally known governance, risk, and compliance expert in the areas of Cybersecurity, IT Service Management, Assurance and Audit, and IT Controls, Mark’s background spans leadership roles from CIO to Management and IT Consulting in several Federal and State Agencies, Private Firms, and Fortune 500 Companies. With over 25 years of professional experience, Mark has led large IT teams, conducted Service Management and information governance/risk activities for major initiatives, managed enterprise applications implementations, and implemented cybersecurity and governance processes across multiple industries using multiple frameworks including COBIT, ITIL and others. Mark is also a two-time recipient of ISACA’s John Kuyers award for outstanding speaker achievements.
Jen-Hao (Mark) Tu
Sr. IT Auditor, Thermo Fisher Scientific
Jen-Hao is a Sr. IT auditor in Waltham, MA, USA and has over 10 years of experience in Internal Audit and IT assurance services. Jen-Hao has participated in numerous engagements in internal audit, ISO27001, and SOX compliance. He has served clients in the Oil & Gas, Semiconductor, and Real Estate sectors. He has also assisted private sector clients with control assessment at the enterprise and specific risk levels within various industries including Oil & Gas, Chemistry, Semiconductor, and Bio-tech.
Operational Risk Management, Wells Fargo
Patty Voight is an Operational Risk Management executive at Wells Fargo. She is based out of New York City and has been working in the information technology and security field since 1992. Patty has held various technical and managerial positions in the financial services, insurance, telecommunications, and technology sectors. Patty graduated from the Florida Institute of Technology and earned her MBA from the University of South Florida. Patty holds certifications and licenses including CIA, CISA, CISSP, CISM, CCSP, CAMS, CFE, CRISC, CRA, CGEIT, CIMP Ex, CDS Ex, CSX Fundamentals, Cybersecurity Audit and FINRA Series 7.
Enterprise Architect, NYS Office of Information Technology Services
Brian Waage is an enterprise architect with over fifteen (15) years’ experience in public sector IT. He specializes in IT/Business alignment, enterprise IT transformation, and information security. His major career accomplishments include leading a major SOA transformation program, architecting various enterprise application implementations and authoring multiple agency policies, standards and guidelines. His current focus is on Enterprise Architecture modernization, Event Driven Architecture, DevOps and distributed identity management.
Waller & Company
Talaya Waller, B.B.A., M.B.A., D.B.A. is an international personal branding consultant and professor. In 2014, she founded Waller & Company to provide research-based, data-driven personal brand strategies for CEOs and industry leaders. Her forthcoming textbook entitled Personal Brand Management: Marketing Human Value will be the first of its kind on the subject in the academic market. Notably, in 2018, Dr. Waller was invited to present a TEDx titled “The Future of Branding is Personal”. She is also a visiting professor and has delivered personal branding lectures in the United States, Poland, Australia, Switzerland, Chile, South Korea, Brazil, and South Africa.
Audit Director, Nationwide Insurance
Jason Winters is an Internal Audit Director at Nationwide Mutual Insurance Company, where he leads integrated audits focused on the Property & Casualty Insurance Operations and has been a key contributor in the development of Nationwide’s Audit Approach for coordinating assurance work across the three lines of defense. Working at a large corporation, such as Nationwide, Jason has learned that strong technical audit skills are only part of the equation; emotional intelligence is equally critical for sustained success as an auditor. Jason is a Certified Public Accountant (CPA), with 10+ years of audit experience (both internal and external), and began his career in public accounting, working within the external audit function at Deloitte. While at Deloitte, Jason also served as a facilitator for new hire training sessions. Jason is a graduate of Ohio University, with a bachelor’s degree in Accounting.
Deloitte & Touche LLP
Petrina is a CPA and CISSP, with 19 years of experience in finance, technology and risk & compliance. Petrina is a strategic leader who advises clients across the second and third lines of defense. She brings a unique perspective, having held positions in industry, professional services and regulatory organizations. Petrina leads engagements to assess IT controls and advise clients on strengthening their control environments.