2025 Chapter Meetings & Events
View presentations from previous ISACA San Diego chapter events.
ISACA San Diego Workshop: CMMC Compliance - Cloud Enablement and Automation: The Tale of Two Contractors
Join us for a special presentation by chapter leaders Chad Coalier and Alexander Neff, along with a large cast of industry vets/SMEs including Brian Estep, Yuri Risovanny and other special guests covering CMMC architecture in the Microsoft Azure technology stack. The presentation will cover:
CMMC: Genesis and Evolution
Audit Readiness
Audit Process
Panel Discussion
The Tale of Two Contractors
Contractor 1: Deficient Security
Contractor 2: Well Architected Security: Cloud Enablement
SPEAKERS:
Chad Coalier - Security Solutions and Cloud Architect
Chad is a seasoned Cloud and Security Architect with a specialization in Azure and a fervent passion for cloud and security technologies. With over 20 years of experience, Chad has demonstrated expertise in cloud architecture, cybersecurity, and IT operations, consistently delivering secure and scalable solutions that align with business objectives.
Visit Chad on LinkedIn: https://www.linkedin.com/in/chadcoalier/
Alex Neff - Sr. Director of Information Security and Compliance at Faro Health, Inc.
Alex Neff operates as a change agent in security and has led information security programs across heavily regulated private and public sector organizations for the past 15 years. Government, Healthcare and Financial are the verticals where Alex has shown his expertise and led organizations to shift security and compliance from a checkbox to a competitive advantage. Alex currently leads information security and IT for Pharma SaaS startup Faro Health and serves on the board of the San Diego chapter of ISACA.
Visit Alex on LinkedIn: https://www.linkedin.com/in/alexanderaneff/
Brian Estep – Senior Technical Director, BME Industries | Principal Security Consultant
Brian Estep is a cybersecurity and cloud architecture leader with over 20 years of experience designing, securing, and optimizing complex IT environments. As Senior Technical Director at BME Industries, a Microsoft Gold Partner, he leads strategic initiatives spanning cloud infrastructure, scalable architectures, and compliance automation, helping clients align with regulatory standards and best practices including CMMC, HITECH, ISO 27001, and NIST 800-53.
Visit Brian on LinkedIn: https://www.linkedin.com/in/estep
Yuri Risovanny - Chief Executive Officer at Connetic, a premier San Diego-based Managed Service Provider
Yuri leads a team of IT professionals and cybersecurity experts at Connetic, supporting more than 70 organizations across a wide range of industries. With over 25 years of experience in both outsourced and corporate IT, he has delivered technical expertise and support services to private and public companies, with a strong focus on life sciences, biotechnology, and professional services.
Visit Yuri on LinkedIn: https://www.linkedin.com/in/yuri-risovanny/
Collaborative ISACA San Diego & SecurityStudio Academy Webinar: Vulnerability Management For SMBs
In collaboration with SecurityStudio Academy, ISACA San Diego is excited to announce a special presentation, focused on vulnerability management for SMBs.
I often ask myself how a small to medium sized business could effectively perform Vulnerability Management? The numbers are always so overwhelming and seem impossible to overcome. In this talk, I will be discussing how I walk teams through eating that elephant one bite at a time and effectively drive numbers down while ensuring the business remains fully operational.
This presentation is open to the public, available at no cost, and designed for curious minds of all ages and level(s) of technological experience. Participants will receive 1 CPE for attending/participating in the presentation.
Click Here for a copy of the presentation
SPEAKER: Daniel Ovick - Sr. Cybersecurity Analyst
Currently employed at a large Healthcare organization in the Midwest as a Sr. Cybersecurity Analyst specializing in Vulnerability Management and Risk Management. Over the past few years, Dan has focused on the Vulnerability Management space, changing not just Vulnerability Management processes but also the culture around the organization's perception of Vulnerability Management. By collaborating and partnering with teams to effectively mitigate and remediate vulnerabilities, we achieved an 80% reduction in vulnerabilities year one and 50% in year 2.
Additionally, Dan plays an active role with SecurityStudio Academy, serving on the advisory board and as president of Minnesota Regional CvCISO Local Chapter. The Regional chapter is a new pilot program, designed to help support the academy and its membership community. Through this pilot program, the academy will be spinning up additional chapters nationwide.
Visit Dan on LinkedIn: https://www.linkedin.com/in/dovick/
Collaborative CSA and ISACA SD June Event: From Chaos to Control - Taming Shadow Data with DSPM
Join CSA San Diego and co-host ISACA San Diego on our next event in June. Big thanks to our sponsor, Lightbeam.ai.
From Chaos to Control - Taming Shadow Data with DSPM
Learn how identity-centric Data Security Posture Management (DSPM) simplifies discovery, classification, and remediation of data security risks by linking sensitive data to people and business context. This session covers how to reduce breach exposure, enforce data governance policies dynamically, and eliminate visibility gaps such as third-party access to customer data.
Click Here for a copy of the presentation
SPEAKER: Priyadarshi (PD) Prasad, Co-Founder and Chief Product Officer
Visit PD on LinkedIn: https://www.linkedin.com/in/pdprasad/
ISACA San Diego Special Virtual Webinar: The Hidden Vulnerability - A New Way to Solve the Third-Party Breach Puzzle
Despite our best efforts to vet third parties individually, third-party data breaches still occur. Current third-party risk assessments focus solely on third parties in isolation, leaving an unexamined, cumulative, residual risk of data breach building with each third party. It is time to unveil this cumulative risk by using a clear, simple and data-driven strategy that’s built to predict and prevent.
Join us in a virtual workshop where we’ll introduce you to a breakthrough formula to predict the expected frequency of such third-party data breaches. The workshop is centered around a new white paper that elevates third-party risk management from compliance checkbox to a proactive strategy for risk mitigation. This new formula has been validated using real-world breach data and can be operationalized to protect revenue streams, strengthen business continuity, and, most importantly, move the needle on real risk reduction. We will also introduce a new concept for vendor management, Cumulative Risk Budgeting, which is a method for allocating risk to different categories of third parties based on breach probability and data sensitivity.
Takeaways include:
How to perform a simple calculation to determine expected breach frequency.
A user-friendly template to assist in calculating breach frequency for your own organization
How to explain the basis of the calculation.
How to communicate the results to business leaders.
And a white paper to reference and share.
Whether you are a CISO, CIO, COO, Risk Director, Analyst, Auditor, Regulator or Compliance leader, this session will equip you with a practical tool to make informed, faster and more defensible decisions in a massively outsourced third-party universe.
Click Here for a copy of the presentation
Click Here for a copy of the BPI Template
SPEAKERS:
Dr. Thomas Lee is the CEO of VivoSecurity, a Silicon Valley based company focused on data collection, regression modeling and machine learning, to bring predictability to the randomness of data breach. Thomas has more than 30-years of experience finding “signal in noise”, for industrial engineering, for business and for medicine, using digital signal processing, digital image processing, pattern matching in Fourier space, regression analysis, singular value decomposition, and machine learning. In cybersecurity, Thomas has developed models to forecast online banking fraud, probability for PII data breach, probability for lawsuits and costs in the event of a PII data breach. Thomas has given many talks on a science-based approach to security including to ISACA, ISC2 and ISSA chapters, and Black Hat (SecTor) Canada.
Thomas holds BS degrees in Physics and Electrical Engineering from the University of Washington, and PhD in Biophysics from the University of Chicago.
Dr Thomas Lee: https://www.linkedin.com/in/thomas-lee-phd-b7766b10/
Patricia Drooff - Patricia is an InfoSec and GRC leader with rare expertise in applying probability theory and regression modeling to the management of third-party data breach risk. She is skilled in architecting and maturing risk management and GRC programs in industries including healthcare, global marketing, SaaS, nuclear research and power generation.
Patricia holds a BA in Biology with a concentration in Chemistry from Regis College and an MS in Health Physics from The University of Massachusetts.
Patricia Drooff: https://www.linkedin.com/in/patriciadrooff
Timothy Smith - Tim is retired after 20 years with KPMG LLP and KPMG International. His most recent role was in product development of the data management component of KPMG’s audit software, KPMG Clara. He previously led the IT Audit practice for KPMG’s San Diego office and also served as IT Audit Manager in LPL Financial, the nation’s largest independent broker-dealer.
Tim is a California-licensed CPA, a Certified Information Systems Auditor (CISA) and a Certified Information Technology Professional (CITP). He received a BA in Chinese from UCLA and had an earlier career as a translator.
Tim Smith: https://linkedin.com/in/timothyksmith
June 2025 Meeting: Introducing an AI Risk Management Framework for Responsible Innovation
Whether you like it or not, Artificial Intelligence (AI) technologies are increasingly integrated into our daily lives. It has strong potential to transform our society, reshape industries and decision-making processes, drive inclusive economic growth, and foster scientific advancement. Organizations must proactively address the risks associated with their design, development, and implementation.
This presentation will introduce the AI Risk Management Framework, published by NIST (National Institute of Standards and Technology) in January 2023. We’ll explore key components of the framework and related guidance with applicable international standards, guidelines, and practices. Attendees will gain insights into balancing innovation with responsibility, ensuring that AI systems are trustworthy, and how risk management will help to cultivate public trust.
Click Here for a copy of the presentation
SPEAKER: Jennifer Cheung - Cybersecurity Researcher Scientist and Engineer
Jennifer Cheung is a mathematician who became a cybersecurity engineer and has been working in the field since August 2014. Her role as a research scientist for the past five years exposed her to emerging technologies such as Artificial Intelligence, homomorphic encryption, and quantum computing. She primarily worked with the NIST Risk Management Framework for about four years before taking on the research scientist role as a Navy Civilian. She has a master’s degree in Applied Mathematics. She was awarded a Fulbright study/research grant on Quantum Informatics in Denmark during 2011-2012.
In August 2020, she founded the WiCyS (Women In Cybersecurity) San Diego Affiliate and was the Affiliate President for three years. She has been outspoken about building a more diverse and inclusive cybersecurity workforce of the future, encouraging and helping others to break into the field.
Visit Jennifer on LinkedIn: www.linkedin.com/in/jennifercheung
Collaborative ISACA San Diego & SecurityStudio Academy Online Event: Reframing GRC to Drive Trust, Not Tension
In collaboration with SecurityStudio, ISACA San Diego is excited to announce a special presentation, focused on providing cybersecurity professionals with the tools to frame governance, risk, and compliance (audit) conversations in a way the business understands and values, while recognizing how mindset and communication shape outcomes for both themselves and their partners. Presenters Sonal Chandler and Keshawn Hughes will cover:
Opening Remarks & Framing
The Persona Problem: Techies in the Corner
Why Cybersecurity Needs a Seat at the Table
Translating Risk: From Controls to Conversations
Auditing with Purpose, Not Just Process
From Compliance Enforcer to Strategic Enabler
Having a Voice in Risk Conversations
What a Healthy Risk Culture Actually Looks Like
Final Takeaways + Tools
(Sonal and Keshawn will provide 2 takeaway documents for attendees)
Q&A
SPEAKERS:
Sonal Chandler - Founder & CEO of Minerva Consulting Inc
Sonal Chandler is the Founder and CEO of Minerva Consulting, a Managed Cybersecurity Service Provider (MCSP) based in Alpharetta, GA. As a certified vCISO (virtual Chief Information Security Officer), she provides clients with Cyber Risk Management and AI Consulting services. Sonal’s career spans Fortune 500 companies, boutique consulting firms, and early-stage startups. She works primarily with small to mid-sized organizations, including financial firms, legal practices, and healthcare providers, helping them navigate cyber risks and harness the power of AI.
Minerva Consulting is also a certified Women-Owned Business through WBENC and is known for translating complex technology into practical, business-ready solutions. Beyond her consulting work, Sonal hosts the Minerva Meets podcast and writes Mind Spark, a blog that explores the challenges at the intersection of business and technology.
Visit Sonal on LinkedIn: https://www.linkedin.com/in/sonalshahchandler
Keshawn Ridgel Hughes - Founder at NeuroSavvy Leadership
Keshawn Hughes, M.S. is a NeuroLeadership Strategist, Executive Coach, and Founder of NeuroSavvy® Leadership, a WBENC- and WOSB-certified firm transforming workplaces through brain science and authentic leadership. With over 20 years of experience guiding global brands, Keshawn integrates neuroscience, communication, and business strategy to help corporations improve employee productivity, retention, and engagement.
Known for her ability to make complex brain science deeply practical, Keshawn equips HR and Tech leaders with proven strategies to enhance well-being, fuel performance, and develop cultures of high-impact leadership. She is certified by the International Coaching Federation (ICF) and actively involved with the Society for Human Resource Management (SHRM) and the Association for Talent Development (ATD).
Based in Atlanta, Georgia, Keshawn lives with her husband and daughter, and brings heart, clarity, and bold insights to every stage she steps on.
Visit Keshawn on LinkedIn: https://www.linkedin.com/in/keshawnridgelhughes
May 2025 Meeting: Humans are Hard, Code is Easy
Feeling stuck in your cybersecurity career? Are you a highly skilled security professional who feels like you're hitting a plateau?
This session will help you:
Identify and overcome the obstacles that are hindering your career progression.
Develop the essential leadership, influence, and collaboration skills needed to succeed in today's dynamic security landscape.
Learn how to effectively communicate your value and build strong relationships with key stakeholders.
Gain actionable insights on how to set yourself apart from the competition and achieve your career aspirations.
This session is for experienced security professionals who are ready to take their careers to the next level.
SPEAKER: Tom Henricksen - Digital Applications Developer at Blue Cross NC
Tom Henricksen is a seasoned technology leader with two decades of experience in navigating complex challenges and building high-performing teams. He brings a wealth of practical knowledge to his role as a Speaker and Writer at Code is Easy, where he's dedicated to empowering others with the skills and insights they need to succeed in the ever-evolving world of technology.
Visit Tom on LinkedIn: https://www.linkedin.com/in/tomhenricksen/
April 2025 Meeting: Updates in SOC Reporting – What You Need to Know
We are thrilled to announce an exciting learning opportunity. The ISACA San Diego Chapter will host Priya Kumar, Senior Manager at Moss Adams, who will share her expertise on the latest changes in SOC reporting.
Priya will dive into the implications of these changes for organizations that:
Engage auditors to perform SOC audits.
Rely on SOC reports to evaluate internal controls that operate at service providers.
This is a fantastic chance to deepen your understanding of SOC reporting and its impact on the industry. Don’t miss out!
Zoom attendance is open to the public (you do not need to be a chapter member), and available at no cost. Attendees are eligible for 1 CPE when meeting attendance requirements.
Click Here for a copy of the presentation
SPEAKER: Priya Kumar - Senior Manager, IT Compliance and Consulting, Moss Adams
Priya has worked in IT compliance since 2013, with a focus on System and Organization Control (SOC) readiness assessments and SOC 1 and SOC 2 engagements, in addition to evaluating and testing the design and operating effectiveness of IT general controls. She also has experience performing Sarbanes-Oxley (SOX) control assessments.
Priya has worked with clients in various industries including financial institutions, technology, higher education, and entertainment. She has experience in a variety of IT areas and technical environments including project management, quality assurance, and network and application security. Prior to joining Moss Adams, Priya held IT roles at several high-profile companies in the entertainment and retail industries.
Visit Priya on LinkedIn: https://www.linkedin.com/in/priya-kumar-4269b53a/
March 2025 Meeting: Navigating the Future of Cyber Threats and Governance
As the cybersecurity landscape continues to evolve, organizations must strengthen their approach to risk mitigation, compliance, and governance in the face of emerging threats. Join us for an insightful presentation, "Navigating the Future of Cyber Threats and Governance," where industry experts will explore how organizations can enhance their security posture through proactive risk management, regulatory alignment, and strategic use of technology, including artificial intelligence.
While AI introduces new risks and opportunities, this session will focus on its role as an additive element within broader cybersecurity strategies. Key discussion points include effective risk mitigation frameworks, adapting compliance programs to address evolving threats, and integrating AI-driven tools to enhance governance without compromising security.
Attendees will gain valuable insights into strengthening their organizations against emerging cyber threats while ensuring regulatory compliance. The session is designed for cybersecurity leaders, risk professionals, and compliance officers seeking to deepen their understanding of today’s threat landscape.
Click Here for a copy of the presentation
SPEAKER: Robert Renzulli, CISO/Security Strategist
Robert is the Founder of CyberGeist Security LLC. Robert is a 35+ year veteran security professional with knowledge and expertise in the trenches and, on a global scale, protecting governments and organizations worldwide.
Before founding CyberGeist Security in 2020, Robert held the Chief Information Security Officer (CISO) role for the Port of San Diego for three years. He successfully led the Incident Response/Investigation teams as the Incident Commander during a "SAM-SAM" Ransomware event in 2018. Robert and his team successfully collected forensic data, which they provided to Law Enforcement, which contributed to the Indictments of two foreign Nationals that targeted more than 200 public safety institutions and municipalities, including U.S. hospital systems and governmental entities, with the Port being the last.
He created CyberGeist Security to address the complex gaps in our National Security within the sixteen critical Infrastructure domains identified by DHS CISA. He works with the United States Coast Guard (USCG) Cyber Protection and Intelligence offices, Naval Research Laboratories, Defense Advanced Research Projects Agency (DARPA), Pennsylvania Public Utility Commission, and other private and public agencies.
Visit Robert on LinkedIn: https://www.linkedin.com/in/rrenzulli/
February 2025 Meeting: Cybersecurity as an ESG Concern
Environmental, Social and Governance programs are growing in importance, currently driven by foreign regulation, investor demand and public interest. Every cybersecurity professional should understand what ESG is, where the requirements come from, and what its impact could be on an organization’s cybersecurity program, activities and oversight.
SPEAKER: Marty Barrack, Chief Legal and Compliance Officer at XIFIN, Inc.
This discussion will be presented by Marty Barrack, J.D., MBA, CISM, CRISC, CCISO, CIPP/US, CIPP/E, FIP, CIPM, CHC, CCEP. Marty is the CISO for XiFin, a San Diego based healthcare technology company, where he also serves as its Chief Legal Officer and is responsible for its ESG program. Dave Tuckman will present the ISACA Digital Trust Ecosystem Framework as a useful framework to view cybersecurity activities from an ESG perspective.
Visit Marty on LinkedIn: https://www.linkedin.com/in/marty-barrack-1045311/
Join Emily O'Carroll, Field CISO at GuidePoint Security, to understand how AI is helping organizations optimize and mature their cybersecurity programs at a rapid pace, as well as the risks and considerations cybersecurity practitioners should weigh as generative AI transforms our companies, organizations, schools, and way of life.
Click Here for a copy of the presentation
SPEAKER: Emily O'Carroll, Field CISO - GuidePoint Security
Emily O'Carroll is a seasoned cybersecurity and GRC leader with nearly 2 decades of experience building resilient cybersecurity programs and teams from inception. Emily started her career in management consulting at KPMG, and then was the CISO at Topgolf Callaway Brands for over 9 years. Emily built the cybersecurity program at Topgolf Callaway Brands and expanded the team from 2 to 34 global employees. Emily also oversaw the cyber due diligence and integrations for 4 major acquisitions during a period of extreme growth for the company. Emily recently moved back into a consulting role at GuidePoint Security as a Field CISO where she can leverage her leadership and industry experience to ensure clients in the Southwest are better protected and secure.
Visit Emily on LinkedIn: https://www.linkedin.com/in/emily-ocarroll/