Previous Chapter Meetings & Event Recordings

View presentations from previous ISACA San Diego chapter events.

2023

December 2023: A Review of Chapter Board Elections and Vision Into the New Term

December 21st at 12pm: A panel discussion reviewing our recent Board of Directors election, and the Chapter’s vision for the new term. The panel will be composed of current Board members, and those taking new leadership roles. We'll discuss initiatives, presentation/presenter options, community engagement, and more.


November 2023: FRSecure’s 2023 The State of Information Security Report

FRSecure (an Information Security company located in Edina, MN) took the results of +/- 400 Validated Information Security Assessments and 55 Incident Response Engagements conducted in 2022 and created an anonymized report from the data, called The State of Information Security. Full details and access to the report are available here: https://frsecure.com/2023-annual-infosec-report/

In this presentation, ISACA San Diego chapter president Dave Tuckman will highlight key findings in the report, and what we can learn from it. Understand how you can mitigate risk going forward to protect your business and clients in an ever-changing threat landscape. Dave will provide the additional perspective of how you can leverage this information for a better understanding of your third-party (supply, vendor, contractor) relationships.

Topics include:

  • FRSecure’s Annual State of InfoSec Report, informed by over 400 validated security assessments

  • Where organizations are getting it right vs. falling behind

  • How you can use this report to inform your own business’s security decisions

  • How you can use this report to inform your business’s Third-Party Risk Management

Click Here for a copy of the report

SPEAKER: Dave Tuckman - ISACA San Diego chapter president and Information Security Consultant / vCISO at FRSecure

Dave is an InfoSec professional with over 30 years of successful experience in executive level, engineering, operations, sales, business development & client relations. Additional experience in consulting, project management, public speaking and entrepreneurship (having built and sold 2 businesses).

Presently Information Security Consultant / vCISO at FRSecure, working with organizations (across a variety of different industries) to develop Information Security programs and solve complex information security challenges. Acting as their vCISO, I provide specialized expertise, up-to-date knowledge and leadership consulting by assessing their current situation, evaluating trends, and anticipating requirements.

Certifications include C|CISO, CvCISO, CISM, CISSP, C|EH, CDPSE, Security+, CSX-F, HIPAA Certified Professional, and multiple vendor certifications from Microsoft, ESET, Invicti and others.

Member of ISACA, ISACA San Diego, (ISC)2 San Diego, CompTIA, EC-Council, InfraGard. Celebrating 6 years volunteering on the ISACA San Diego Board, and President for the 2022-2023 term.

Visit Dave on LinkedIn: https://www.linkedin.com/in/davetuckman/


September 2023: Pen Testing Your Privacy Program

Local thought leaders Justine Phillips and Matt Stamper will present what an organization needs to know to develop a privacy program that has a solid foundation and is adaptable and scalable in an ever-changing environment. Unfortunately, we are unable to provide a video recording of this month’s meeting, but we do have a copy of the presentation available.

Click Here for copy of the presentation slide deck

SPEAKERS: Justine Phillips - Cyber & Privacy Partner at Baker & McKenzie

Justine focuses her practice on both proactive and reactive cybersecurity and data privacy services, representing clients in matters related to information governance, diligence in acquisitions and investments, incident preparedness and response, the California Consumer Privacy Act, privacy litigation, and cyber litigation. As a co-author of the recently published "Data Privacy Program Guide: How to Build a Privacy Program that Inspires Trust," CISO DRG Publishing, 2022, Justine frequently speaks and writes on privacy and cyber issues.

Visit Justine on LinkedIn: https://www.linkedin.com/in/justinephillips/

Matt Stamper - Chief Executive Officer, Executive Advisors Group, LLC

Matt Stamper is a multi-time CISO with extensive experience in cybersecurity, information security, cloud security, IT audit, risk management, privacy, and governance. Matt is a former research director and security analyst at Gartner (NYSE:IT) and has extensive experience in cloud services and IT service management including international experience in Latin America and China. Matt has spoken to 1000s of CISOs and CIOs as well as other corporate leaders and boards of directors throughout his career. Matt’s experience includes early-stage startups to large, multi-national public companies spanning multiple industries including managed services, managed security services, global telecom, and advisory. Matt excels at conveying complex cybersecurity and technology concepts to boards of directors, executive management, as well as professional service providers and vendors in the cybersecurity industry.

Visit Matt on LinkedIn: https://www.linkedin.com/in/stamper/


August 2023: Tackling Cyber & Privacy Risks in the Compliance Era

Learn how to navigate the complexities of securing data on the move and map to various compliance regulations. More specifically, we’ll explore the adoption of the NIST Cybersecurity and Privacy Frameworks, the implementation of Zero-Trust security, and the benefits of unifying communication systems and audit logs.

  • Learn about the challenges of using disparate communication systems and gain valuable strategies for tracking and controlling data movement to meet regulatory requirements.

  • Understand the role of Digital Rights Management (DRM) in safeguarding sensitive data.

  • Enhance your company's compliance posture and stay ahead in a rapidly evolving regulatory landscape with strategies to track, control and protect data in a "data everywhere" world.

Click Here for copy of the presentation slide deck

SPEAKER: Tim Freestone - Chief Strategy and Marketing Officer

Tim joined Kiteworks in 2021 and brings over 15 years of experience in marketing and marketing leadership, including demand generation, brand strategy, and process and organizational optimization. Tim was previously Vice President of Marketing at Contrast Security, a scale-up application security company where he built out the marketing organization globally, modernized and mechanized the team's execution, and elevated the company into a world-class brand. Before Contrast, Tim was the Vice President of Corporate Marketing at Fortinet, a multi-billion-dollar, next-generation firewall and cloud security company. In that role, he rebranded Fortinet and built out the comprehensive go-to-market operations for eight solutions encompassing more than 30 products. Prior to Fortinet, he was Director of Americas Demand, Strategy and Operations at NetApp where he built out the programmatic demand execution for the Americas and optimized operations to ensure effective lead flow and opportunity creation through sales. Before NetApp, Tim co-founded a marketing services agency where he created and led the execution of hundreds of marketing programs for large and small technology companies. Tim holds a Bachelor’s degree in Political Science and Communication Studies from The University of Montana.
Visit Charles on LinkedIn: https://www.linkedin.com/in/freestone/


May 2023: API Governance for Enterprise Risk Management

Given the importance of APIs in digital transformation at enterprises, it is imperative for Security, Compliance and Audit professionals to better understand various API risks that pose a challenge to their organizations. In this session, we'll first identify various risks that originate from within the enterprise API ecosystems. This session will then provide an overview of an API Governance framework that effectively manages API risks. We’ll also highlight best industry practices and hands-on examples for Enterprise Risk Management.

SPEAKER: Dr. Baljeet Malhotra - Founder & CEO at TeejLab Inc.
Dr. Baljeet Malhotra is an award-winning researcher known for his work in Open Source and API Data Management. He conceptualized the world's first "API Composition Analysis" based on source code static analysis. He founded TeejLab in 2017 and steered the team to build API Discovery and Security™, the world's first comprehensive end-to-end API Management platform. Prior to TeejLab, he established the R&D unit of Black Duck Software in 2016 (acquired by Synopsys); he has also served as Research Director at SAP. He received a PhD in Computing Science from the University of Alberta and won several awards including NSERC (Canada) scholar in 2005 and Global Young Scientist (Singapore). He concurrently holds Adjunct Professor positions at the University of British Columbia, University of Victoria and University of Northern BC.
Visit Baljeet on LinkedIn: https://www.linkedin.com/in/baljeetmalhotra/


April 2023: Zero Day Exploits - What They Are and The Value They Possess

Unfortunately, something corrupted the recording of this month’s meeting, so we don’t have it available. However, we do have a copy of the presentation available.

Click Here for copy of the presentation slide deck

SPEAKER: Tony Anscombe - Chief Security Evangelist at ESET
Tony Anscombe is the Chief Security Evangelist for ESET. With over 20 years of security industry experience, Anscombe is an established author, blogger and speaker on the current threat landscape, security technologies and products, data protection, privacy and trust, and Internet safety. His speaking portfolio includes industry conferences RSA, Black Hat, VB, CTIA, MEF, Gartner Risk and Security Summit and the Child Internet Safety Summit (CIS). He is regularly quoted in cybersecurity, technology and business media, including BBC, Dark Reading, the Guardian, the New York Times and USA Today, with broadcast appearances on Bloomberg, BBC, CTV, KRON and CBS. Anscombe is a current board member of the NCSA and FOSI.
Visit Tony on LinkedIn: https://www.linkedin.com/in/tonyanscombe/


March 2023: How the SEC Proposed Cybersecurity Guidelines Will Impact Us

Demetrios Lazarikos (Laz) explores topics that are top of mind for security practitioners who have direct involvement in measuring, optimizing, and communicating their security program. Attendees will gain insight into best practices and building a strong program foundation in these changing times.

This is a pragmatic discussion that is not to be missed. This session will cover the following topics:

  1. New SEC proposals for Cybersecurity Disclosure - how these suggestions are impacting our security program reporting with the Board and Exec Staff.

  2. Effectively communicating security program management within your organization while navigating business risk and change.

  3. Skillfully partnering, advising, and influencing senior leadership on the future while adapting to business and regulatory requirements.

Click Here for copy of the presentation slide deck

SPEAKER: Demetrios Lazarikos (Laz) - 3x CISO and Co-Founder of Blue Lava
A recognized authority for building technical, cybersecurity, fraud, and data analytics solutions, Laz has more than 30 years' experience in building and supporting some of the largest InfoSec programs in financial services, technology, retail, hospitality, and transportation verticals. Laz is the Co-Founder and President of Blue Lava, a SaaS business platform built with, by, and for cybersecurity leaders.

As a Boardroom Certified Qualified Technology Expert (QTE), Laz is no stranger to the boardroom, analyst, regulator, and investor community. Laz is an advisor to some of the most innovative companies in technology and cybersecurity. He advises investors and companies about trends with cybersecurity, technology, regulations, and go-to-market strategies.

Past roles include: CISO at vArmour, CISO at Sears, CISO at Silver Tail Systems (acquired by RSA/EMC), VP of Strategic Initiatives at ReddShell Corporation (acquired by TrustWave), Director of Technology at SGI, and the Director of Technology at EDS (acquired by HP).

Laz is a twice-decorated USAF veteran, inventor of several patents, published author, an Adjunct Professor at Pepperdine University's Graziadio School of Business and Management, and an Adjunct Professor at Chapman University. He holds a Master’s degree in Computer Information Security from the University of Denver, and an MBA from Pepperdine University.
Visit Laz on LinkedIn: https://www.linkedin.com/in/iamlaz/


January 2023: Introducing The San Diego Regional Cyber Lab

The San Diego Regional Cyber Lab’s mission is to provide the greater San Diego region with coordinated cybersecurity awareness through collaborative access to tools, intelligence, and a trained and capable workforce. This group – consisting of cybersecurity experts, academics, local CEOs and public officials – works together to enhance cybersecurity resilience through timely sharing of information and analysis, and provides specialized training with safe environments to simulate and defend against cyberattacks.

Join us as Darren Bennett and Ian Brazill discuss the newly launched Regional Cyber Lab in Downtown San Diego and its many physical and virtual offerings to the region, including what YOU can do to participate in the lab’s efforts to lift up the cyber maturity of the San Diego region.

Click Here for copy of the presentation slide deck

SPEAKERS:

  • Darren Bennett - Chief Information Security Officer (City of San Diego)
    Darren Bennett is a global information and cybersecurity leader with more than 20 years experience in information security, focusing on all aspects of cyber, information and physical security. As the Chief Information Security Officer for the City of San Diego, Bennett is responsible for the security of all information systems used by the City. As the Regional Coordinator for the FBI Computer Science Program, Bennett served as a trusted adviser for the FBI and provided leadership and guidance regarding cyber-investigations to more than 25 computer scientists across 15 separate FBI divisions located across the western United States.
    Visit Darren on LinkedIn: https://www.linkedin.com/in/darren-l-bennett/

  • Ian Brazill - Program Manager & Cyber Lab Lead (City of San Diego)
    Ian Brazill is a Program Manager with the City of San Diego’s Department of Information Technology. Working primarily with the Department’s Architecture & Engineering Division, Ian’s core areas of responsibility include PCI compliance, financial management, the San Diego Regional Cyber Lab, and more. Ian has worked for the City of San Diego for close to 7 years and is currently a graduate student at San Diego State University.
    Visit Ian on LinkedIn: https://www.linkedin.com/in/ianbrazill/


2022

October 2022: What To Know And Expect When CPRA Goes Into Effect Jan 1, 2023

In June 2018, the CCPA was signed into law, creating new privacy rights for Californians and significant new data protection obligations for businesses. The CCPA went into effect Jan. 1, 2020. California’s Office of the Attorney General has enforcement authority. The CPRA amends the CCPA and includes additional privacy protections for consumers passed in Nov. 2020. The majority of the CPRA’s provisions will enter into force Jan. 1, 2023. Join us to hear from Privacy expert Neil Packard (ISACA, IAPP), to understand the changes coming in the new year.

SPEAKER: Neil Packard CISA, CIPM, CDPSE - Enterprise Privacy Business Partner, Dexcom

Neil is an experienced informatics specialist, accumulating extensive experience and knowledge in a breadth of industries and mastering diverse roles in technology, analysis, information security, data privacy, and risk management. Neil’s background entailed helping organizations operationalize their privacy & security programs; working with the Office of Inspector General, Department of Veteran Affairs performing Information Security assessments; and the Federal Trade Commission fortifying information risk management and compliance programs. In addition to founding a company focusing on eDiscovery Compliance and computer forensics, he has in-depth knowledge of information security and privacy frameworks, standards, and regulations such as NIST, HITRUST, ISO, SOC, HIPAA, FedRAMP/FISMA, AICPA, and GDPR.

Visit Neil on LinkedIn: https://www.linkedin.com/in/npackard/


September 2022: Workload Identity, Security, and Governance

The proliferation of DevOps and automated workloads presents the industry with new security challenges such as workload identification, authentication, and authorization. Managing to least privilege and separation of duties for human users is a (mostly) mature domain. Automated workloads typically outnumber human users by 45x in a large, modern enterprise. Understanding the administrative goals of the organization’s automated processes and the credentials used to complete their tasks, as well as the applicable security controls we must design into these systems, is an evolving domain. We will take a look at some recent guidance from NIST (SP-800-161) and how it applies to DevOps environments and the enterprise software supply chain as well as discuss the similarities to Identity Governance and Administration for human users. We can take the learnings from two decades of managing human identities and start to apply those to automated workloads.

Click Here for copy of the presentation slide deck

SPEAKER: Dennis Mastin CISSP | CCSK - Solutions Architect

Dennis Mastin is a security professional focusing on non-human identities and Secrets Management. He has been in industry for over 30 years as a software engineer, field sales specialist, and consultant. The past two decades, Dennis focused on Identity and Access Management while at Netscape, Sun Microsystems, and Oracle. Currently, Dennis helps CyberArk customers realize the benefits of managing the identity lifecycles of automated workloads in their DevOps environments.

Visit Dennis Mastin on LinkedIn: https://www.linkedin.com/in/dennismastin/


August 2022: Understanding CMMC 2.0 Compliance

CMMC is a U.S. Department of Defense (DoD) program that applies to Defense Industrial Base (DIB) contractors. It is a unifying standard and new certification model to ensure that DoD contractors properly protect sensitive information. Hear from industry expert Conrad Agramont on what the CMMC 2.0 requirements are, and what this may mean to your organization.

Click Here for copy of the presentation slide deck

SPEAKER: Conrad Agramont - CEO at Agile IT
As CEO, Conrad Agramont is responsible for defining and managing the strategic direction of Agile IT to help clients transform their business through cloud technologies.

Conrad's experience consulting within the Federal Government and as a former United States Marine allowed him to lead Agile IT as an early adopter with Microsoft in driving customer alignment to and adoption of the Cybersecurity Maturity Model Certification (CMMC). Agile IT specializes in onboarding, migrating, and maturing customers to meet CMMC while leveraging Microsoft 365 Government Community Cloud High (GCC High) and Azure Government.

Conrad brings a wealth of experience managing engineering, operations, and managed services teams as well as pre-sales and solution architecture for new projects. With more than 10 years of experience in the cloud, hosting, and SaaS for both Microsoft Corporation and service providers, Conrad has been involved at nearly every stage of product development and implementation. Through various roles architecting and managing technology projects, he strives to help companies discover true business value with the cloud.

Visit Conrad on LinkedIn: https://www.linkedin.com/in/conradagramont/


July 2022: C-SCRM - Cyber Supply Chain Risk Management

Our current supply chain is severely disrupted. Freight in the major ports of Los Angeles, Long Beach, and Oakland is backed up 100 miles out to sea. The Biden administration issued an executive order in February of 2021 about Cyber Supply Chain Risk Management, the same month NISTIR 8276 about C-SCRM was published.

Our supply chain is already shattered, and a cyber-attack could be the straw that breaks the camel’s back.  We will show you how to evaluate all your supply chain risk using the NIST Cybersecurity Framework and Capability Maturity Model (CMMI).  The keys to a successful C-SCRM program are cloud deployment combined with these proven frameworks.  We will show you how we use open-source data, the Salesforce secure cloud, and portals, to automate and deploy an effective C-SCRM program anywhere in the world.

Speaker: Mark Keelan - Director of Compliance Practice at UST
Mark Keelan has over 30 years as an IT expert. He has worked for the IBM digital analytics team, PeopleSoft as a CRM Product Manager, InterSec Worldwide forensics firm, and more. Mark has an extensive background in ERP, CRM, cybersecurity, and privacy systems. Currently, he is the Director of the Privacy & Security Practice at UST Global, a 28,000-person multinational consulting firm headquartered in Aliso Viejo, CA.
Visit Mark on LinkedIn: https://www.linkedin.com/in/mark-keelan-aaa174


June 2022: PCI DSS 4.0 Assessor, Merchant and Provider Perspectives
Companies that depend on credit card transactions need to integrate PCI DSS v4.0. One key point of emphasis in PCI DSS v4.0 is greater specificity in controls for Merchants and Service Providers.

Unfortunately, the recording of this event was corrupted and is not available to share online.
However, we do have the following resources available for download.

Speaker: Mohan Shamachar, MBA, PCI DSS QSA, CISM, CISSP, CISA, HITRUST CCSFP, CIPP/US - Director of Information Security and Compliance
Mohan has over 15 years of experience in information technology infrastructure, management, and cybersecurity. Mohan has been helping organizations deploy security and compliance programs in the Banking, Healthcare, Education and Energy sectors.
Visit Mohan on LinkedIn: https://www.linkedin.com/in/mshamachar for additional information


May 2022: The Science of Planning a Project That #GSD

Slide Deck

 

March 2022: The Changing Internal Audit Role

Slide Deck

 

February 2022: Log4j: What it is, the vulnerability it creates, and its impact on business both now and over next couple years

 

January 2022: How WhatsApp, TikTok or a Reddit Thread Could Sink A Business

Slide Deck

 

2021


December 2021: Panel Discussion - A Review of Our Board Elections and Vision Into the New Term


October 2021: Meeting - Hiring Within the Cyber Industry - The Good, The Bad & The Ugly

September 2021: Panel Discussion - Cybersecurity Insurance, Through the Eyes of the Insurance Industry

August 2021: Meeting - Cyber Security & Ransomware, What You Really Need to Know


July 2021: Presentation - State of Application and API Security with Michael Isbitski

June 2021: Meeting - Demystifying identity, credential, & access management with Connor Borchgrevink

2020

August 2020 – Monthly Meeting (virtual)

March 2020 – Monthly Meeting (virtual)

2019

January 2019 – Monthly Meeting

2018

September 2018 – Monthly Meeting

April 2018 – IIA & ISACA San Diego IT Seminar

2017

August 2017 – ISACA San Diego Chapter Meeting

2016

October 2016 – ISACA San Diego Chapter Meeting

August 2016 – ISACA San Diego Chapter Meeting

July 2016 – ISACA San Diego Chapter Meeting

May 2016 – ISACA San Diego Chapter Meeting

April 2016 – Joint IIA and ISACA Meeting

March 2016 – ISACA San Diego Chapter Meeting

2014

2014 International Automatic Control Conference (CACS)