A 16 CPE Event in Portland, Oregon focusing on Information Security, Prevention, and Audit. The event will take place over two days, Wednesday, April 26th and Thursday the 27th. Continental Breakfast, Coffee, Lunch, and Snacks provided!
Wednesday, April 26, 2017 - Thursday, April 27, 2017
See agenda below
4001 Southwest Canyon Road,
Portland, OR 97221
--PARKING: City Parking Available at the Zoo. Or RIDE the MAX.
Early Bird Pricing: Before 3/15/17:
ISACA Member: $125
Non-ISACA Member: $175
Regular Pricing: After 3/15/17:
ISACA or IIA Member: $150
Day 1: 5 Sessions: Various Presenters
1) Keynote: Hard or Soft Boiled... It's still an egg: Melissa Martin
Data, Data, Data, Facts, Reports and Evidence. These are the hard artifacts obtained during an audit. But what are we missing by not employing the soft skills and using interpersonal communications to gain insights, access and build rapport?
2) The Evolving Role of the FBI Cybersecurity Division: FBI
3) Privacy by Design: Madeline Zamoyski
Regulators have long touted the importance of incorporating "privacy by design" but it isn't always clear what that entails. This session will present the seven foundational principles of “privacy by design” and review how the FTC interprets the privacy by design principles. Real-world examples will be used to foster discussion on some of the challenges in incorporating these principles and how others have addressed them.
4) A Microservices Security Mindset: Kim Green
How well do you understand microservices security? Unfortunately, too many security professionals struggle with the new challenges and risk associated with microservices architecture. Microservices is not just about development and deployment – it is about security, which is why governance is critical for the success of microservices in any business. This presentation will provide the audience with a practical approach to better understanding microservices security and identify the necessary steps to securing their company’s microservices applications.
5) Cybersecurity Panel: Port of Portland
Case study report-out from the Port of Portland. Panelists will share lessons learned from the Port's recent efforts to implement cybersecurity, along with some of the legal and operational challenges and considerations.
Day 2: 4 Sessions by John Gatto
6) Outsourcing and the Need for Supplier Audits
Why and How companies use third party suppliers. Outsourced or Vendor, the risks involved and what audit should be doing. This session will explore:
7) Auditing Disaster Recovery / Business Resumption Planning
Key considerations and the 10 critical actions auditors need to address when reviewing DR plans and approaches. This session will explore:
8) Auditor’s Role in System Development
9) Crisis and Change Management – Internal Audit Involvement
The auditor's role during crisis management and organizational change management. Key areas in this session include:
Keynote: Melissa Martin
Melissa Martin is an accomplished instructor and consultant for effective workplace interaction. Facilitating group learning is her passion and she thrives on watching participants realize their individual and team potential. Her goal with every encounter is to help people create a more cohesive work environment. Participants have appreciated her activity and discussion-based facilitation style that allows them to internalize the material for more individualized results. Participants learn to celebrate their own strengths and how to bring out the strengths of their team members.
In addition to academic achievements, Melissa’s certifications include:
Melissa uses the above curriculum and her own research to customize training and has provided training and education to organizations in the academic, volunteer, governmental and private sectors.
Kim Green, Zephyr Health
Kim is the Founder and Chief Executive Officer of KAZO Security. Prior to starting KAZO, she served in several CISO roles, including at Zephyr Health and the Bosch Healthcare division, where she oversaw company enterprise and product security programs. She also serves as an advisor to Authentic8, Netswitch, Cyber Defense Group, Bugcrowd and US Market Access Center.
With over 20 years’ experience in both private and public healthcare sectors, Kim has consulted federal and state government healthcare agencies and private companies on security and privacy best practices.
Kim routinely speaks on security and privacy topics. In 2013, she spoke to the European Commission in Brussels on behalf of the European Union Health Information and Communication Technology Trade Association regarding the General Data Protection Regulation, which goes into effect in 2018.
Kim studied computer software engineering and computer information systems at Brandeis University and Cal Lutheran University. She also served in the United States Army and was awarded the Army Achievement Medal.
Madeline Zamoyski is a product and privacy attorney who has worked in tech for the past 8 and a half years. After six years working in some of the best law firms in the California Bay Area, she moved in-house, first working for LinkedIn and now New Relic. She is passionate and excited about intellectual property and privacy law since it continues to develop and transform as the technology in our lives develops and transforms.
John Gatto was with Health Care Service Corporation (HCSC) in Chicago, IL from December 2005 until his retirement in January 2015. He was the Divisional Vice President, Audit Services, and was responsible for all aspects of IT Audit for the five Blue Cross Blue Shield Plans comprising HCSC (Illinois, Texas, Montana, New Mexico and Oklahoma), encompassing NAIC / MAR compliance and testing, risk-based audits, advisory engagements for new development projects, coordination of SOC-1 and SOC-2 reviews and E&Y Year-End Financial Audits. John was a member of a number of Steering Committees within the IT area of HCSC.
Prior to HCSC, John worked at Federal-Mogul in Michigan as the SOX coordination supervisor, Avery Dennison in California as a Project Manager, and spent 13 years with Horizon BlueCross BlueShield of New Jersey, where he was Director of Systems Audit, Customer Audit and Operations Audit.
John has over 45 years of audit experience, most of it in the IT Audit arena. He is a CISA and CRISC and has his MBA from Fairleigh-Dickinson University in New Jersey. John is a frequent speaker for the BCBSA, IIA and ISACA organizations. In 2010 he was named “Educator of the Year” by the Chicago Chapter of the IIA.
Since retiring, John has spoken at the Southeastern and Southwest Intergovernmental Audit Forums, the ISACA CACS Conference and at the ISACA Chapters in South Carolina, North Carolina, Harrisburg, New Jersey and Central Florida. He is focusing on speaking on a range of topics such as PCI, BYOD, Disaster Recovery, etc. Descriptions of these sessions are available upon request.
We hope to see you there!
ISACA - Willamette Valley Chapter
The Willamette Valley Chapter of ISACA represents IT Security, Audit and Compliance Professionals in the Oregon/SW Washington region.
The chapter hosts luncheon programs and coordinates technical seminars designed to provide networking and professional education opportunities, and serves as a conduit for information from the International ISACA organization.