Previous Chapter Meetings & Events
View presentations from previous ISACA San Diego chapter events.
2024
ISACA Workshop: API Security & Legal Risk Management for Organizations
In collaboration with FRSecure and TeejLab, ISACA San Diego is excited to announce our interactive online workshop series on API Security. The series consists of 4 workshops, each designed to help individuals and organizations understand the importance of Web APIs in today's digital economy and the business risks they pose to organizations.
Web APIs benefit organizations immensely through accelerated innovation, newer business models, and competitive differentiation. Their growing significance can be measured by the fact that APIs contribute 83% of Internet traffic today. This growing API usage also means increased cybersecurity risk for enterprises. Given the importance of APIs in digital transformation and the risk they pose to enterprises, it is imperative for Security, Compliance and Audit professionals to better understand the various API risks.
In this 4-part workshop series, we'll discuss the various risks that originate from enterprise API ecosystems. In particular, we'll talk about business risks that are tied to the underlying API security problems. We'll then provide an overview of an API Governance framework that effectively manages API business risks. This framework is inspired by Software Composition Analysis (SCA) and the Zero Trust model. Throughout these workshops, we'll highlight best industry practices and hands-on examples for API Risk Management.
WORKSHOP #1 DETAILS
30 mins: Global and Enterprise API Ecosystems
Global View of APIs
Enterprise View of APIs
30 mins: Classification of API Risks
Security and Legal Risks
Financial and Operational Risks
10 mins: {Break}
30 mins: Zero Trust Model
Zero Trust Resources
Zero Trust Tenets
30 mins: Software Composition Analysis (SCA)
Why and how SCA?
Security and Legal Aspects
10 mins: {Break}
10 mins: Account Setup:
https://apidiscovery.teejlab.com/accounts/login/
50 mins: Building the API Risk Management Program
Identifying API Security Risks
Identifying API Legal Risks
Continuous API Monitoring and Assessment
10 mins: {Break}
30 mins: Summary and Conclusions
Consolidating API Risk Due Diligence Process
Questions and Answers
Take Home Exercises
NOTE
To view the workshop, please attend via a laptop or desktop computer; a mobile phone will not allow you to perform the hands-on exercises.
SPEAKERS
Dr. Baljeet Malhotra is an award-winning researcher and a global tech leader known for his work in Open Source and API Risk Management. He founded TeejLab in 2019 and steered the team to build API Discovery and Security™, the world's first end-to-end API Risk Management platform. Prior to TeejLab, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys for $565 million). He also served as Research Director at SAP and Senior Software Engineer at MahindraTech. He received a PhD in Computing Science from the University of Alberta and won several awards, including NSERC (Canada) scholar and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC. He has given numerous ISACA, ISSA, IIA, ISC2 and OWASP talks globally, and has published several papers, patents and articles.
Visit Baljeet on LinkedIn: https://www.linkedin.com/in/baljeetmalhotra/
November 2024: How to Get What YOU Want in Your Career
Are you ready to take control of your career trajectory? Do you want your true value to be recognized by your employer? Do you aspire to have a career that not only supports but enhances your life?
In this dynamic and interactive session, we will help you uncover what truly drives you and define success on your own terms. You'll learn actionable steps to achieve meaningful results that align with your personal and professional goals.
Event Highlights:
Uncover Your "Why": Discover the core motivations that drive you and why understanding them is crucial for your career and life satisfaction.
Navigating Today’s Job Market: Gain insights into best practices for landing the role you want in 2024. Learn the mindset and strategies that lead to success.
Career Advancement Strategies: Understand what companies value and how you can strategically guide your career toward your desired direction.
Whether you’re a job seeker striving to make progress, aiming for a promotion but uncertain of the path, or feeling stuck and considering a career change, this session is designed for you.
We’ll explore how you can leverage your IT expertise and integrate it with proven career strategies to secure the job you desire, earn the promotion you deserve, and successfully navigate career transitions.
Take charge of your career—and your life—NOW!
SPEAKER: Dave Mahler – IT Career and Life Coach
Coach Dave, a seasoned IT Career and Life Coach, specializes in helping professionals uncover their passions, map out their next career moves, and effectively communicate their unique value to secure their ideal roles.
Relocating to San Diego in 1991, Dave has over 30 years of experience in IT, with a robust background that includes roles such as VP Strategy & Planning, Director of IT, System Administrator, Project Manager, and Instructor.
Dave’s academic foundation in psychology, combined with advanced certifications such as Master NLP Practitioner, ITIL, MCSE, CCNA, PMP, PMI-ACP, Reiki, and Hypnosis, equips him with the tools to foster meaningful career transformations. His commitment to the IT community is unwavering, and his track record speaks volumes about his ability to guide clients toward success.
Visit Dave on LinkedIn: https://www.linkedin.com/in/coach-dave-mahler/
October 2024: ISC2 San Diego and ISACA San Diego Joint Event: Forecasting Data Breaches
Data breaches are not as random as you might think. Building upon previous work forecasting fraud among business customers, we discovered something often overlooked by practitioners. Insufficient staffing is a strong predictor of data breach, and surprisingly, audit staff is just as effective at preventing a data breach as staff working in information technology.
This session will demonstrate how a cybersecurity data breach can be accurately forecast based upon the number of employees overall, and the number of employees with certain certifications that relate to cybersecurity, including the ISC2 CISSP and ISACA CISA certifications. You will learn how this approach of measuring cybersecurity could help your organization to set risk appetite goals in terms of expected frequency of a data breach, and how to right size the cybersecurity team and manage third-party data breach risk to meet these goals.
Divided into 2 sessions, the first hour will be a presentation from Michael Stoyanovich and Dr. Thomas Lee, introducing and walking us through their model. The second hour will feature a panel discussion, diving deeper into the model, and taking questions from attendees online. This session is online, open to the public, designed for varying ages/levels of technology experience, and available at no cost. Attendees will receive 2 CPEs for attending the full session.
SPEAKERS
Dr. Thomas Lee is the CEO of VivoSecurity, a Silicon Valley based company focused on data collection, regression modeling and A.I. to bring predictability to the randomness of data breach. In cybersecurity, Thomas has developed models to forecast fraud in online banking, probability for PII data breach, probability for lawsuits and costs in the event of a PII data breach, and the likelihood of a shareholder lawsuit for public companies in the event of a stock drop. He has developed models to forecast PII data breaches by state and models to forecast the number of data breaches in the healthcare industry. In 2018, Thomas was an invited speaker at the Richmond Fed research conference, PRMIA NYC & BCG, O.R.X Toronto & Milan and OpRisk North America. In 2019, Thomas was invited to participate at Richmond Fed cyber security workshop and was a panelist at ACAMS. In 2022, Thomas was an invited speaker at ISACA Toronto, ISACA Silicon Valley and the Silicon Valley Affiliate of WiSyS. In 2023, Thomas was an invited speaker at the ISACA chapters in Silicon Valley, Orange County, Boise, Memphis, Sacramento, Arkansas, and Central Ohio and he was a panelist at ISACA Silicon Valley Digital Trust Summit. In 2024, Thomas was an invited speaker at ISACA San Francisco, the Pacific Hackers Association in Mountain View California, Society of Information Risk Analysts (SiRA), ISSA Silicon Valley and a joint session of ISACA & IIA Northwest Ohio. Thomas has multiple patents and publications in peer reviewed journals and holds BS degrees in Physics and Electrical Engineering from the University of Washington, and an MS and PhD in Biophysics from the University of Chicago.
Visit Thomas on LinkedIn: https://www.linkedin.com/in/thomas-lee-phd-b7766b10/
Michael Stoyanovich is a vice president and senior consultant in Segal's Administration & Technology Consulting practice. He is a leading expert at managing third-party data breach risk, including 1) strategies and policies for managing risk budgets, 2) methods for evaluating risk budgets and 3) integration of the management of third-party data breach risk within current TPRM frameworks and practices. He is also an expert at assessing third parties based upon information security ("InfoSec") team size and training, IT training, and evaluation of a third party's outsourced cybersecurity. Michael has over 30 years of experience in technology and has served as Chief Information Officer (CIO) and Chief Operating Officer (COO) at Associated Third Party Administrators (ATPA) and CIO of BeneSys. He speaks at industry events and conferences, including the International Foundation of Employee Benefit Plans annual conferences, the International Foundation's Trustees and Administrators Institutes and various chapters of the Information Systems Audit and Control Association (ISACA). Michael has authored several articles that have been published in Benefits & Compensation Digest. He earned a Certified Data Privacy Solutions Engineer (CDPSE) credential, issued by ISACA. Stoyanovich received a bachelor of arts degree from the University of Michigan and a master of public administration degree from Michigan State University.
Visit Michael on LinkedIn: https://www.linkedin.com/in/mstoyanovich/
August 2024: From Wall to Win: Empowering Your Cybersecurity Strategy with Risk Management
Most of us have heard about risk management repeatedly. But at your organization, do you truly leverage it as an essential tool? In this talk, I will address some common pain points that may make you feel like you're hitting a wall or unable to make significant progress. Challenges such as the misconception that your role is solely to prevent breaches, or executives playing the old game of cybersecurity, can be frustrating. This briefing will provide you with strategies to empower action, improve connections with the business, and gradually address tech debt, helping you feel less burdened as you continue your journey in securing the organization.
SPEAKER: Ace Sklar
Ace Sklar is a security leader and mentor with extensive experience across various business verticals and company sizes, including managed security service providers, pharma, healthcare, edtech, and fintech. Professionally, he is a modern-day renaissance man who has worn many hats, and in his personal life he brings extreme DIY skills. More often than not, Ace tackles transformational challenges, from building security programs from scratch to up-leveling compliance-driven security programs, always leaving a legacy of excellence.
Visit Ace on LinkedIn: https://www.linkedin.com/in/acesklar/
July 2024: Just What is Reasonable Security?
Are our current security practices 'reasonable' in the context of increased regulatory oversight and threat actors targeting our organizations? This presentation will take a comprehensive view of reasonable security practices, questioning whether current practices would be defensible in light of litigation and the other risks that our organizations confront. The discussion will also highlight the important role of risk tolerance and risk treatment decisions as our organizations grapple with the question 'Just what is reasonable security?'
SPEAKER: Matt Stamper - Chief Executive Officer, Executive Advisors Group, LLC
Matt Stamper is a multi-time CISO with extensive experience in cybersecurity, information security, cloud security, IT audit, risk management, privacy, and governance. Matt is a former research director and security analyst at Gartner (NYSE:IT) and has extensive experience in cloud services and IT service management, including international experience in Latin America and China. Matt has spoken to thousands of CISOs and CIOs as well as other corporate leaders and boards of directors throughout his career. Matt's experience spans early-stage startups to large, multinational public companies across multiple industries, including managed services, managed security services, global telecom, and advisory. Matt excels at conveying complex cybersecurity and technology concepts to boards of directors, executive management, as well as professional service providers and vendors in the cybersecurity industry.
Visit Matt on LinkedIn: https://www.linkedin.com/in/stamper/
June 2024: Collaborative CCOE, ISACA San Diego Panel Discussion: Cybersecurity Workforce
Cybersecurity is now everyone’s business!
The FBI reports more than 150% increase in cybercrime complaints across all industries in the last 5 years, totaling $37.4 billion in losses. And, the global cost of a data breach climbed over $4.45 million according to IBM. More than half of these costly attacks are aimed at small and medium-sized businesses – our region’s economic engine. Now, pair that with the global shortage of cyber professionals to thwart these attacks—to the tune of 448,000 openings in the U.S. and 5,000 here in San Diego according to Cyberseek—and it becomes mission critical to address the workforce gap.
Join ISACA San Diego and Cyber Center of Excellence (CCOE) for a panel discussion about San Diego’s cyber workforce, in-demand skills, talent attraction strategies and regional programs helping to seed and diversify the pipeline for this critical industry.
MODERATOR: Brendan Daly, CISO, City of San Diego and CCOE Board Member
PANELISTS
Sang Nguyen, Research Coordinator, San Diego Regional EDC
Yadira Ruiz, Director of Workforce Development, San Diego Workforce Partnership
Joey Tompkins, Senior Talent Acquisition & Development Manager, INDUS Technology
May 2024: Building an API Risk Management Program for Enterprises
Given the importance of APIs in digital transformation at enterprises, it is imperative for Security, Compliance and Audit professionals to better understand various API risks that pose a challenge to their organizations. In this session, we'll first identify various risks that originate from within the enterprise API ecosystems. This session will then provide an overview of an API Governance framework that effectively manages API risks. We’ll also highlight best industry practices and hands-on examples for API Risk Management.
SPEAKER: Dr. Baljeet Malhotra - Founder & CEO at TeejLab Inc.
Dr. Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API Data Management. He conceptualized the world's first "API Composition Analysis" based on source code static analysis. He founded TeejLab in 2017 and steered the team to build API Discovery and Security™, the world's first comprehensive end-to-end API Management platform. Prior to TeejLab, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys), and he has also served as Research Director at SAP. He received a PhD in Computing Science from the University of Alberta and won several awards, including NSERC (Canada) scholar in 2005 and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC.
Visit Baljeet on LinkedIn: https://www.linkedin.com/in/baljeetmalhotra/
April 2024: I Graduate Next Month - What's Next?
Meet Maya Morales and Chaitanya Patel. Each is a Cybersecurity student graduating next month. Over the past 2+ years, the chapter has sponsored their memberships, supported them as much as possible, and excitedly watched them grow into the professionals they are about to become.
Join us as chapter president Dave Tuckman sits down with Maya and Chaitanya to discuss their journey, experience in school, experience with the chapter, and overall thoughts on next steps. The conversation is open to anyone attending with questions and/or advice for Maya and Chaitanya, as well as for others in a similar state of transition.
Maya Morales - Graduate Student at the University of San Diego
Visit Maya on LinkedIn: https://www.linkedin.com/in/maya-morales-155a83199/
Chaitanya Patel - Master of Science Cybersecurity Management @ SDSU Fowler College of Business
Visit Chaitanya on LinkedIn: https://www.linkedin.com/in/chaitanyajpatel/
March 2024: The Evolution of Cloud Security: What Has Changed and What Has Not
Aaron Wilson is a career security practitioner who jumped into cloud computing as an early adopter in 2013. As an inaugural security consultant at Amazon Web Services, Aaron has had a front-row seat to the emergence and growth of cloud computing in business for the past decade.
Join Aaron to explore the transformation of cloud adoption in business, encompassing shifts in usage patterns, development practices, technological advancements, emerging threats, high-profile security incidents, and the evolving landscape of regulatory compliance. We'll also revisit the principles of security that have stood the test of time, for better or for worse, and dissect how they continue to shape our approach in this ever-changing domain.
SPEAKER: Aaron Wilson - CTO, Managing Partner, and Co-Founder of ScaleSec
Aaron Wilson is the CTO of ScaleSec, a cloud security consulting firm. His career spans 25 years as a security professional establishing and implementing information security programs for internal clients, customers, and cloud providers. His most recent focus and passion is adopting emerging technologies to demonstrate the value of security automation in the application development cycle.
In 2015, Aaron co-founded ScaleSec to leverage his experience as a hands-on security architect, practitioner, and leader. He has cultivated a deep understanding of the friction between corporate security and developers through his support of Fortune 500 early adopters.
Under Aaron’s stewardship, ScaleSec has emerged as a leading consulting partner for cloud programs across regulated industries including health tech, financial services, retail, and supplier/distribution companies. Logo companies include Dexcom, Capital One, and Genuine Parts Company.
Before starting ScaleSec, Aaron was a consultant for the inaugural Amazon Web Services professional services security practice. He also served as a security technical advisor for AWS services and products. Prior to AWS, he developed security programs at HP/ArcSight and built managed security services at SAIC.
Aaron holds a master's degree in computer information systems, a bachelor's degree in physics, and several relevant industry certifications. He resides with his family in sunny San Diego, California.
January 2024: Discussion on AI - From A Technical, Ethical and Societal Perspective
January 18th at 12pm: Artificial Intelligence (AI) has been an integral part of our lives, whether we have realized it or not. When we book a ticket online, scroll through newsfeeds on social networks, or read the recommendations from an ecommerce site, we are engaging with an AI component in the background (Medium, 2019).
With the rise of services like Bard and ChatGPT, AI is on the verge of taking these capabilities to a level not yet seen before.
Join us as Oscar Minks (President of FRSecure) walks us through the past, present and possible future this technology holds in store.
Topics include:
Brief historical overview of AI
AI resources available today
Potential technological, economic, and societal implications of AI
SPEAKER: Oscar Minks - President at FRSecure
Oscar has been working in information security for nearly two decades, with experience managing Cyber Security Incident Response programs, Cyber Defense programs and Vulnerability Management programs, and working closely with PCI, ISO 27001, SOC 2, and HIPAA controls to ensure compliance. Oscar currently manages FRSecure's operations team of pen testers, consultants, Incident Responders, and Forensic investigators with over 75 years of combined experience. While working for large enterprise corporations, Oscar managed a team of senior security managers specializing in blue team defense with multi-million dollar annual budgets.