2026 Chapter Meetings & Events
View presentations from previous ISACA San Diego chapter events.
Latest Happenings In the CvCISO Community
This Coffee Talk features an open, conversational interview with Evan Francen (Founder of FRSecure, SecurityStudio, Academy, Mirrored Defense, CISSP Mentor Program, etc.), looking at everything happening within SecurityStudio Academy and discussing his return as instructor for the upcoming July CvCISO Foundations Course.
SPEAKER: Evan Francen - Co-Founder FRSecure, SecurityStudio, CISSP Mentor Program, CvCISO, et al. | CISO and vCISO Advocate | Podcast Host | Mentor | Speaker | Author
Evan Francen is a cybersecurity leader, founder, and trusted advisor with decades of experience helping organizations build and improve their information security programs. He has worked extensively with executive teams and boards, led security organizations, and responded to major incidents, bringing practical, real-world insight into how security actually operates under pressure.
Known for his candid and straightforward approach, Evan focuses on cutting through complexity to address the human and organizational factors that often drive security outcomes. He is also an educator and speaker who has helped thousands of security practitioners better understand risk, accountability, and leadership in cybersecurity.
Visit Evan on LinkedIn: https://www.linkedin.com/in/evanfrancen/
From Months to Minutes: How AI Is Rewriting Vulnerability Management
AI‑driven vulnerability discovery has entered a new phase, one where the time between finding a flaw and exploiting it has collapsed from months to hours. The Cloud Security Alliance’s Mythos CISO report outlines a rapidly accelerating threat landscape and the urgent need for organizations to rethink risk, patching, governance, and operational readiness.
Whether you’re a CISO, security practitioner, auditor, engineer, or student, this session will help you understand the strategic, operational, and cultural shifts required to build a Mythos‑ready security program.
SPEAKERS
Moderator: Matt Stamper
CISO | Author | Governance & Risk Leader
Matt Stamper is a seasoned cybersecurity and governance executive with deep experience advising boards, CISOs, and global organizations on risk management, compliance, and operational resilience. A recognized thought leader and co‑author of CISO Desk Reference Guide, Matt brings a unique blend of strategic insight and practical experience to conversations about modern security leadership.
Visit Matt on LinkedIn: https://www.linkedin.com/in/stamper
Panelist: Marty Barrack — Business Perspective
Executive Leader | Risk & Strategy Advisor
Marty Barrack is a senior business and technology executive with extensive experience aligning cybersecurity strategy with organizational objectives. His background spans enterprise leadership, operational risk, and digital transformation, giving him a front‑row view into how AI‑accelerated threats reshape governance, investment decisions, and executive expectations.
Visit Marty on LinkedIn: https://www.linkedin.com/in/marty-barrack-1045311
Panelist: Chad Coalier — Technical Perspective
Cybersecurity Engineer | Offensive & Defensive Operations
Chad Coalier is an experienced cybersecurity engineer with a background in offensive testing, detection engineering, and incident response. His technical insights bridge the gap between attacker capabilities and defender readiness, making him uniquely positioned to discuss the operational realities highlighted in the Mythos CISO report.
Visit Chad on LinkedIn: https://www.linkedin.com/in/chadcoalier
Panelist: Alex Neff — Technical Perspective
Security Architect | Cloud & AI Security Specialist
Alex Neff is a hands‑on security architect with deep expertise in cloud security, automation, and modern defensive engineering. His work focuses on building scalable, resilient security programs capable of operating at machine speed — a critical requirement in the Mythos era. Alex brings a practitioner’s view of what defenders must change today to stay ahead of AI‑driven exploitation.
Visit Alex on LinkedIn: https://www.linkedin.com/in/alexanderaneff/
Panelist: Dave Tuckman — Academic Perspective
Executive Director, SecurityStudio Academy | President, ISACA San Diego
Dave Tuckman leads SecurityStudio Academy, where he designs accessible, high‑impact cybersecurity education programs for emerging and established professionals. As President of ISACA San Diego, Dave brings an academic and workforce‑development lens to the Mythos discussion — focusing on how education, training, and leadership development must evolve to prepare the next generation of CISOs.
Visit Dave on LinkedIn: https://www.linkedin.com/in/davetuckman
The Agent Economy Is Here. Your Board Is Not Ready. Why Agentic AI Demands More Than an API Wrapper
This session examines what the agentic economy requires from boards, audit committees, and internal audit leaders. It covers the structural shift from recommending AI to acting AI, the identity and credential risks most audit frameworks have not yet addressed, why existing governance standards — COSO, COBIT, SOX ITGC — were not built for continuously operating autonomous systems, and the four governance exposures internal audit cannot afford to defer. The session draws on formal verification research, named industry deployments, and a published practitioner framework to give attendees a concrete basis for action.
SPEAKER: Tibyasa Matovu, Chief Audit Officer | Founder at Wahoo Audit | AAIA, CISA
Tibyasa Matovu is a chief audit and risk executive with 20 years governing enterprise risk, regulatory accountability, and control integrity across complex financial services environments. He is the founder of Wahoo Audit, a principal-led AI governance and internal audit advisory practice. Tibyasa advises boards and executives on the governance implications of frontier technology and positions internal audit as a strategic trust architecture function.
Visit Tibyasa on LinkedIn: https://www.linkedin.com/in/tibyasa-matovu/
Collaborative ISACA San Diego & SecurityStudio Academy April Event:
Charting Your Education & Career Path In Today’s Complex Landscape
The discussion covers traditional degree pathways, industry certifications, and a range of resources that help learners (and their parents) navigate today’s evolving education landscape. Attendees will gain clarity on how to choose the right path, build momentum, and make informed decisions that support long-term success.
SPEAKER: Bruce A. Lindvall - Assistant Dean for Graduate Studies (Retired from Northwestern University)
Bruce recently retired from Northwestern University in November 2023 after serving as assistant dean for graduate studies in the McCormick School of Engineering for 18 years. In that role he was responsible for recruiting graduate students, overseeing MS and PhD admissions, and also providing student services to over 1000 PhD students and over 500 MS students.
Visit Bruce on LinkedIn: https://www.linkedin.com/in/bruce-lindvall-2353944/
A Look at Hack Space Con 2026: What to Know and Expect
As a participant in every previous Hack Space Con, Phillip shares what makes this one of the most unique cybersecurity and aerospace‑focused conferences in the country, from hands‑on trainings and hacking villages to the incredible venue at the Kennedy Space Center. Whether you're a student, a professional, or a parent supporting someone entering the field, you get an inside look at what to expect, how to prepare, and why this event has become a must‑attend experience.
SPEAKER: Phillip Wylie - Chief Security Evangelist/Senior Consultant at Suzu Labs
Phillip Wylie is a globally recognized offensive security professional and Chief Security Evangelist at Suzu Labs. He co-authored The Pentester Blueprint, hosts The Phillip Wylie Show, Simply Offensive, and CYBR.HAK.CAST, and is a frequent speaker in the US and internationally.
Visit Phillip on LinkedIn: https://www.linkedin.com/in/phillipwylie/
Risk is good: A Hacker's Guide to Managing GRC When you don't have a killer refresh rate
“We turned tribal knowledge into a repeatable, auditable playbook — think blue‑team discipline with rogue‑hacker swagger.
What we did:
- Recon: Interviewed engineers, architects, analysts, and leaders to expose undocumented ops and inconsistent controls.
- Exploit the gaps: Mapped policies, SOPs, and GRC to reveal missing/ineffective controls and untracked risks.
- Score & Prioritize: Worked with second line of defense to standardize risk scoring (likelihood × impact) aligned to NIST/ISO.
- Deploy the framework: Process → Risk → Controls with owners, templates, review cadences, and preventive/detective/corrective controls.
- Ship culture: Accessible docs, continuous monitoring, and training to make resilience repeatable.
Result: From chaotic scripts to a hardened playbook — proactive risk management that works.”
SPEAKERS:
Curtis Jones - Technology Analyst II at LPL Financial
Demystifying AI: A Practical Guide to Understanding the Paradigm Shift
This workshop is a 3-hour event hosted by 5 AI professionals and a career coach.
It is a guide to understanding AI from the perspective of its:
- Market Segmentations
- Development Models
- Security
- Career Paths
The presentation will dive in depth into each area to offer clarity on these often-confusing topics. A live presentation of “Vibe Coding” will also be demonstrated.
The Career Paths segment will discuss how the job market has shifted and what a beginning, mid-level, or seasoned professional can do to navigate and succeed in their career in the age of AI.
Click here for a copy of the presentation
SPEAKERS:
Chad Coalier - Security Solutions and Cloud Architect
Alex Neff - Sr. Director of Information Security and Compliance at Faro Health, Inc.
An Huynh, Agentic AI Teacher at Amazon
Chris Ward, CEO at Fire Mountain Labs
Dr. Josh Harguess, CTO at Fire Mountain Labs
Coach Dave, IT Career and Life Coach
Collaborative ISACA San Diego & SecurityStudio Academy February Event:
How IT Security Professionals are Finding Their Next Job
This Coffee Talk brings together ISACA San Diego and SecurityStudio Academy for an insightful conversation with Tom Welke, a veteran technology and cybersecurity recruiter with decades of experience connecting organizations with top security talent.
Tom shared practical perspectives on today’s cybersecurity hiring landscape, including what employers are really looking for, how candidates can stand out, and how the talent market is evolving.
SPEAKER: Tom Welke - Partner & VP at RSM Solutions, Inc.
Tom is probably the biggest fan of 'good karma' and spreading as much good will as possible. He helps IT and Security Executives for no fee. He has a number of tips to offer and free advice to give to anyone who is stuck in their search, starting off their search, or in a role that isn't exactly the best fit for them.
Joint CSA and ISACA SD February Event - Securing Data in the Age of GenAI
We’re diving into one of the fastest-growing and most chaotic frontiers in cybersecurity today - the sprawl of unstructured data supercharged by GenAI and the continuing explosion of digital content. As the old boundaries of DLP crumple, we’ll explore the new realities of data protection in an AI-driven world, from shadow data and model leaks to the emerging strategies that will define how organizations safeguard knowledge going forward.
SPEAKERS:
- Mikael Vinding, CISO at AP Technology
- Ben Mead, Director of Cybersecurity & Infrastructure at Avidity Biosciences
ISACA San Diego February Meeting: Checkboxes to Judgement: Lessons in Modern Risk Thinking
Key talking points:
- GRC misconceptions
- Challenging the policy / compliance / check-the-box / prescriptive / rigid approaches to controls, programs, and frameworks
- Personal lessons learned and what I wish I knew earlier about risk, compliance, etc. – storytelling and reflections on mistakes/misconceptions, how my perspective of risk and program design has evolved over time, advice for a ‘future self’
- AI-enabled working approaches for program and policy build – how to evolve one’s approach and mindset
Click here for a copy of the presentation
SPEAKER: Lisel Newton - Executive Director, InfoSec, Risk & Compliance at Gossamer Bio
Lisel Newton is a seasoned IT professional with over 15 years of experience leading IT functions, including information and cybersecurity, data privacy, GRC, third-party vendor management and more. Lisel holds the CISSP, CISA and CDPSE certifications. Her career experience includes KPMG consulting and advisory services, as well as public company employment, where Lisel has built and led successful IT programs focused on meeting regulatory and compliance requirements including NIST, GDPR, GXP, SOX, ISO, SOC and more.
Connect with Lisel on LinkedIn: https://www.linkedin.com/in/liselnewton/
Collaborative ISACA San Diego & SecurityStudio Academy January Event:
An Informal Conversation about APIs
APIs are everywhere—and most organizations lack a proper program for managing their security. Join us for an engaging discussion on what APIs are, why they matter, and the risks they introduce when left unmanaged. We’ll cover what organizations need to know, actionable next steps, and why SecurityStudio Academy created the API Security and Governance program to help professionals address this growing challenge.
This session is perfect for security professionals, technologists, and students who want practical insights into API security and governance. Don’t miss this opportunity to learn, ask questions, and walk away with steps you can take immediately to strengthen your organization’s security posture.
SPEAKER: Dr. Baljeet Malhotra - Founder & CEO at TeejLab Inc.
Dr. Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API Data Management. He conceptualized the world's first "API Composition Analysis" based on source code static analysis. He founded TeejLab in 2017 and steered the team to build API Discovery and Security™, the world's first comprehensive end-to-end API Management platform.
Visit Baljeet on LinkedIn: https://www.linkedin.com/in/baljeetmalhotra/
ISACA San Diego January Meeting: Cybersecurity's Dirty Secret: Why Most Budgets Go To Waste
What if attending an event could show you how to save your company thousands to millions in wasted cybersecurity spending?
That’s not hype; it’s the reality when you stop treating spending like a bottomless pit and start treating it like a business strategy.
Most executives assume the more money they throw at cybersecurity, the safer they’ll be. Wrong. In fact, the bigger your budget, the more likely you’re bleeding cash on shelfware, pointless meetings, and “solutions” that solve nothing. This event flips the script: it shows you how to slash costs, cut risk, and still move faster than your competition.
Click here for a copy of the presentation
SPEAKER: Ross Young, Co-host, CISO Tradecraft
From CIA officer to enterprise CISO, Ross Young has spent two decades at the forefront of cybersecurity. He’s the co-host of CISO Tradecraft, creator of the OWASP Threat and Safeguard Matrix (TaSM), and a recognized leader who has served as CISO in Residence at Team8, CISO of Caterpillar Financial, instructor at Johns Hopkins University, and divisional CISO at Capital One.
Connect with Ross on LinkedIn: https://www.linkedin.com/in/mrrossyoung/
