" rel="stylesheet">
Skip Main Navigation
Page Content
This event has ended

Spring Training: Information Security, Prevention & Audit

ISACA - Willamette Valley Chapter

Wednesday, April 16, 2014 from 7:30 AM to 5:00 PM (PDT)

Spring Training: Information Security, Prevention &...

Ticket Information

Ticket Type Sales End Price Fee Quantity
Early Bird: ISACA Member Ended $100.00 $0.00
Early Bird: Guest and Non-member Ended $125.00 $0.00
ISACA Member Ended $150.00 $0.00
Guest and Non-member Ended $175.00 $0.00

Who's Going

Loading your connections...

Share Spring Training: Information Security, Prevention & Audit

Event Details

Spring Training

A 7-8 CPE Event in Beaverton, Oregon focusing on Information Security, Prevention and Audit



Wednesday, April 16, 2014

Registration & Breakfast: 7:30 A.M.

Sessions: 8:30 A.M. - 5 P.M.


Beaverton, Oregon

PCC Rock Creek

17705 NW Springville Rd. Portland, OR 97229

Click here for a map with parking directions.


7-8 CPE


Early Bird Pricing:  Before 2/10/14:

ISACA or IIA Member : $100

Non Member: $125

Regular Pricing:  Begins 2/10/14:

ISACA or IIA Member : $150

Non Member: $175

Topics and Summary:


Featuring Nancy Young, Moss Adams

Do you know that organizations lose 5% of every dollar to fraud schemes in one form or another? Would you or your financial department know the opportunity points or fraud indicators? While the chances of fraud occurring in your organization —externally or employee perpetrated—may seem unlikely, it is a major economic obstacle costing billions each year in lost revenue and misappropriated assets, according to the US Department of Commerce.

Join Nancy Young, who will help you build a better understanding of:

  • The fraud environment
  • Various fraud schemes
  • Preventive, detective, and corrective controls
  • Characteristics of a fraudster

Security Operations & Monitoring:

Featuring Russ McRee, Microsoft

If you’ve spent any time defending web applications as a security analyst, or perhaps as a developer seeking to adhere to SDLC practices, you have likely utilized or referenced the OWASP Top 10. Intended first as an awareness mechanism, the Top 10 covers the most critical web application security flaws via consensus reached by a global consortium of application security experts. The OWASP Top 10 promotes managing risk in addition to awareness training, application testing, and remediation. To manage such risk, application security practitioners and developers need an appropriate tool kit. This presentation will explore tooling, tactics, analysis, and mitigation.

Career Management

Featuring Todd Weinman, The Weinman Group

The job market for IT Audit and GRC professionals is the strongest since we have seen since the glory days of SOX.   Opportunities abound and competition for resources is fierce.   This economic environment can be your best friend or your worst enemy.   It is precisely this type of climate that leads to career management missteps that can follow you for your entire career.  Whether you are trying to climb the corporate ladder or just trying to hang on until retirement now is the time to be particularly attentive to making the right decisions about your career.

Among topics to be discussed:

  • What you need to know about the new economic reality
  • The key skills IT Audit and Security professionals need to master today
  • Developing the key attributes to take your career to the next level
  • Networking 101: A quick primer on this essential skill
  • What you need to know about Social Media
  • A new way to conceptualize your career, and some tools to help you get there

Servant Leadership:

Featuring Andrew Plato, Anitian

If you want to build a secure community, you must have a foundation of trust.  Trust is the language, currency, and fuel that powers security.  Building trust begins with leaders whom you can trust.  These leaders must not only inspire people to act, but also cultivate trust among the entire community.  Because, inside high-trust environments people are naturally inclined to do the right things and follow security protocols.

Servant Leadership is a management concept that has been around for decades.  It is a philosophical approach to management that not only makes organizations work better, it makes them significantly more secure.  It accomplishes this through building high-trust relationships with employees which in turn fosters better security.  

In this presentation, veteran information security leader, Andrew Plato will discuss how the concepts of Servant Leadership are applicable to Security Leadership, and how you can use these concepts to build a high-trust, high-security environment.

Topics Covered:

  • How high-trust environments naturally are more secure
  • How bad leaders erode trust and increase risk
  • The fundamentals of Servant Leadership
  • Becoming a Servant Leader

Advanced Malware - The Explosion of Cybercrime - The 5 Ways IT May Be an Accomplice:

Featuring Mark Villinski, Kaspersky Lab

Mobile devices, social media sites, and the exponential growth of cybercriminals are threatening your users and your data every day. Can your IT department become an unwitting accomplice to cybercrime? Mark Villinski, Kaspersky Lab Marketing Manager, sheds light on the growing challenges facing IT today and discusses the 5 ways that IT departments may be unknowingly enabling cybercrime in their organizations.  

During this session, you will hear:

  • A comprehensive overview of the current state of the cybercrime threat landscape.
  • Several real life examples and stories of attacks; where they come from and ways to detect them.
  • Examples of current IT policies and procedures that may be exposing your network to attacks.

People - The Unpatchable Vulnerability:

Featuring Barrett Weisshaar, TrustWave

“Targeted,” “low-and-slow,” “advanced,” and “adaptive” are terms used to describe today’s advanced threats. Each depends on a patient individual applying their own ingenuity to various tools in order to reach their objective. In the same way, a realistic penetration test of an internal network requires the application of human ingenuity—tools, ratings, scores, and automation alone won’t cut it. The greatest tool in a penetration tester’s arsenal is his or her intelligence, resourcefulness and inventiveness. Automated tools alone are not capable of taking advantage of human fallibility in order to gain increasing levels of access to network assets.

Trustwave SpiderLabs Managing Consultant Barrett Weisshaar will discuss a number of advanced threats detailed in Trustwave’s 2013 Global Security Report, as well as a taxonomy of human-driven attacks used in his more than seven years’ experience conducting penetration tests.

Protecting Your Organization’s Most Critical Assets:

Featuring Robert Eggebrecht, BEW Global

Organizations are swimming in data and becoming more interconnected with partners and vendors on the “Global Electronic Nervous System” every day.  Because of that, companies need to plan, implement and maintain a Critical Asset Protection Program that clearly defines what assets are deemed most important to the organization based on revenue, income, reputation and core operational impact.  Key aspects of a Critical Asset Protection Program include assessing the human aspect; designing, building and maintaining an Information Security Management Systems (ISMS) based on quality management concepts, and finally evaluating technologies. Critical Asset Protection Programs need to balance people, process and technology to build and maintain an effective program.  

Join BEW Global President/CEO, Robert Eggebrecht as he discusses the step-by-step process and methodology to building a risk-based, cost-effective program. This program defines the assets as well as the core attributes of the assets. These attributes include:

  • Critical Asset Creation- The point in time when the asset is created
  • Critical Asset Storage- Once the asset is created, how it is stored
  • Critical Asset Use- Mapping the authorized use of the critical asset
  • Critical Asset Transmission- Assessing how critical asset information is shared within and outside the organization

Schedule & Presenters:

7:30 AM - Registration, continental breakfast, and professional networking

8:30 AM - Nancy Young: Moss Adams

9:30 AM - Mark Villinski: Kaspersky Lab

10:30 AM - Russ McRee: Microsoft

11:30 AM - Buffet Lunch

12:30 PM - Todd Weimann: Weimann Group

2 PM - Robert Eggebrecht: BEW Global

3 PM - Andrew Plato: Anitian

4 PM - Barrett Weisshaar: TrustWave


We hope to see you there! 


Looking for other upcoming events? Click here

Have questions about Spring Training: Information Security, Prevention & Audit? Contact ISACA - Willamette Valley Chapter

When & Where

Portland Community College - Rock Creek Campus
17705 Northwest Springville Road
Portland, OR 97229

Wednesday, April 16, 2014 from 7:30 AM to 5:00 PM (PDT)

  Add to my calendar


ISACA - Willamette Valley Chapter

The Willamette Valley Chapter of ISACA represents IT Security, Audit and Compliance Professionals in the Oregon/SW Washington region. 

The chapter hosts luncheon programs and coordinates technical seminars designed to provide networking and professional education opportunities, and serves as a conduit for information from the International ISACA organization.



  Contact the Organizer
Spring Training: Information Security, Prevention & Audit
Portland, OR Events

Please log in or sign up

In order to purchase these tickets in installments, you'll need an Eventbrite account. Log in or sign up for a free account to continue.