August 23rd & 24th - Santa Clara, California
This event counts towards 14 hours of Continuing Professional Education
14 CPEs
ISACA SILICON VALLEY
2012 Summer Conference
Enabling Trust: Business In the Cloud
Schedule August 23rd
Schedule August 24th
Day 1 Sessions and Bios
Day 2 Sessions and Bios
Sponsors
From the ISACA SV Board
About Our Committee
Venue Information
Academic Relations
Conference Brochure
Cloud Business Track - What Business has done to Enable our Trust
Auditing Track - How Cloud Affects Audit Methods to Ensure & Assess
Cutting Edge Business, Audit & Technology Topics
14 Sessions by Notable Industry Experts
Thursday Night Networking Reception
Sponsor Exhibits and Raffles
http://www.isaca-sv.org
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 2
Program Day One - Thursday, 23 August 2012
Time | Event / Topic | Speaker
8:00 AM | Registration, Networking & Coffee |
8:45 AM | Welcome Message from the ISACA SV President and The ISACA SV Board | Sumit Kalra, Robin Basham, The ISACA Board
9:00 AM | Keynote: Session 1-1: Our Responsibility in the New Cloud Economy | Wolfgang Kandek, CTO - Qualys, Inc.
9:30 AM | Session 1-2: The Boundaries of Business When Your Business is SaaS. How to Design Software Users Love (Kevin Hale is the Founder of WuFoo, recently acquired by SurveyMonkey.) | Kevin Hale, Sr Product Manager, SurveyMonkey
10:30 AM | Session 1-3: Building And Maintaining Trust In An Increasingly Social And Mobile Environment | Bill Ender, Director, Consulting Practice - EMC Consulting
11:30 AM | Lunch and Networking - Enjoy time with Conference Sponsors |
12:30 PM | Session 1-4: Rethinking Web-Application architecture for the Cloud | Arshad Noor, CTO - StrongAuth, Inc.
1:30 PM | Session 1-5: Intelligent Operations, Leveraging Cloud & Virtualization - Setting The Right Operational Targets | David Robbins, CIO - Ellie Mae, Inc.
2:30 PM | Session 1-6: Business Risk Intelligence - Information Security Management, Risk Management, and Industry Compliance Initiatives - how do you keep it all straight | Gordon Shevlin, CEO - Allgress; Chris Armstrong, CISO - Allgress
3:30 PM | Break |
3:45 PM | Session 1-7: Executive Panel Discussion - Moderator: Eric Tan, PwC. Enterprise Systems - The Secret to Their Success |
• Ahmed Datoo, CMO - Zenprise
• Douglas Barbin, Principal, BrightLine
• Douglas A. Brown, Sr. VP of Eng Operations, NetSuite, Inc.
• Doug Meier, Director Security & Compliance, Pandora
5:15 PM | Sponsors Exhibit, Networking & Reception (until 7:30 PM) |
Cloud Business Track- What Business has done to Enable our Trust
Program Day Two—Friday, 24 August 2012
Time | Event / Topic | Speaker
8:00 AM | Networking & Coffee |
8:30 AM | Message from the ISACA SV President | Sumit Kalra, Robin Basham, The ISACA Board
8:45 AM | Session 2-1: “Did you want controls with that?” Model for IT Assurance as a Service – The Emergence of Controls in Infrastructure as a Service SLA | Jeff Reich, CRO - Layered Tech
9:30 AM | Session 2-2: Big Business Big Risk, How We Measure a Secure Enterprise | Mike Pearl, Principal, Cloud Strategy Practice, and Partner - PwC
10:30 AM | Session 2-3: Building Enterprise Level Security into Public Clouds | Kartik Trivedi, VP / Co-Founder at Symosis; Lenin Aboagye, Apollo Group, Inc.
11:30 AM | Lunch and Networking - Enjoy time with Conference Sponsors |
12:30 PM | Session 2-4: Using COBIT 5 Process Assessment Model (PAM), Followed by “Applying ISACA Guidance to Understanding the Value of Our Data, Big Risk—Big Data” | Debra Mallette, ISACA SF Past President; Robin Basham, ISACA SV Conference Dir, CEO, EnterpriseGRC Solutions Inc.
1:30 PM | Session 2-5: Benefits and Potential Drawbacks to implementing SAP as a Hosted Solution. How ERP Controls are Same and Different when Serviced In the Cloud | Mark Richter, President, iStreet Solutions, LLC
2:30 PM | Session 2-6: Closing the Gap Between Security and Compliance | Fred Kost, Head of Product Marketing, Check Point Software Technologies
3:30 PM | Break |
3:45 PM | Session 2-7 Panel Discussion - Moderator: Sumit Kalra, Director at Burr Pilger Mayer. Trust Services in Cloud Based Business |
• Jay Swaminathan, Director SOAProjects
• Harshul Joshi, Director PwC
• Jeremy Sucharski, Dir Armanino McKenna, CFO Advisory Services Practice
• Brian K. Taylor, Sr. Dir of Compliance, Systems and Tools at NetSuite Inc.
5:15 PM | Sponsor Raffles and Conference Closing Remarks |
Auditing Track- How Cloud Affects Audit Methods to Ensure and Assess
Session 1-1 Description: Responsibility in the New Cloud Economy
Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference,
InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of
Vulnerabilities blog. When we asked who might speak to “Responsibility in the New Cloud
Economy” Wolfgang’s leadership at Qualys seemed the perfect fit.
Presenter: Wolfgang Kandek, CTO - Qualys
Wolfgang is responsible for product direction and all operational aspects of the
QualysGuard platform and its infrastructure.
Wolfgang has over 20 years of experience in developing and managing information systems.
His focus has been on Unix-based server architectures and application delivery through the
Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online
Music streaming company myplay.com and at iSyndicate, an Internet media
syndication company. Earlier in his career, Wolfgang held a variety of technical positions at
EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science
from the Technical University of Darmstadt, Germany.
Visit: http://www.qualys.com
Session 1-2 Description: The Boundaries of Business When Your Business is SaaS - How to
Design Software Users Love
(Open your mind to business without walls.)
There's been a paradigm shift in business over the last 20 years. Users and customers want a
relationship. They want to fall in love. When it comes to software and the Internet, you don't
have the benefits and reminders of face to face interactions, so it's easy to forget how a little
love goes a long way.
This session shares the story of Wufoo and also looks at how companies and their products
are wooing their users, keeping the romance alive and sustaining lasting relationships that
turn out to make for profitable returns.
Presenter: Kevin Hale, Senior Product Manager - SurveyMonkey
Kevin is the Co-founder of Infinity Box Inc, a Y Combinator seeded company that built
Wufoo, an online form builder, ranked by Jakob Nielsen as one of the best application UIs of
2008. After selling Wufoo to SurveyMonkey for 35 million dollars in 2011, Kevin is now Senior
Product Manager responsible for safeguarding and enhancing the user experience of
SurveyMonkey's products.
The conference feedback forms have been supplied for free
by the brilliant engineers and generous founders of Wufoo.
Visit: http://www.wufoo.com
Session 1-3 Description: Building and Maintaining Trust in an Increasingly Social and Mobile
Environment: How do we protect information in a universe increasingly dominated by
services (Facebook, Google+, LinkedIn, etc.) and devices (smartphones, iPads, etc.) designed
to make information transparent and portable?
Presenter: Bill Ender, Director, Consulting Practice – EMC Consulting.
Bill is EMC's GRC Evangelist. Prior to joining EMC, Bill was Senior VP of Corporate Information
Security for Wells Fargo Bank (2003-2010), where he led the creation, implementation and
maintenance of the Information Security Management Program, policy, controls, regulatory
compliance, training and awareness, reporting and support for Line of Business executives and the
company's 150+ Information Security Officer community. At Wells Fargo, he developed and
maintained strong relationships with key business leaders, Chief Risk Officers, Internal Audit,
Corporate Security, Technology Operations, vendors, service providers, and external industry
consortia and agencies. He also led the implementation of solutions for automated policy and
incident management, control testing, and reporting; promoted integration of Information
Security-specific tools into the Corporate Enterprise Risk Management Reporting Dashboard; and
championed a common process/architecture model for all Operational Risk Management
disciplines.
Bill's professional career prior to joining Wells Fargo included roles as Chief Technology Officer
for a large, Arizona-based Managed IT Services and Application Hosting company; Cofounder
and Chief Technology Officer for an industry-leading software development and professional
services company in the areas of Identity and Access Management and Secure Web Portals;
and 12 years in various Information Technology Operations and Research & Development roles
with several divisions of Motorola, Inc., where he led multiple teams in the design and
deployment of secure network infrastructure, business process automation, and communication and
collaboration tools to support a global community of employees, contractors, customers and
partners.
Session 1-4 Description: Rethinking Web-Application architecture for the Cloud
This session reveals how StrongAuth solves a common business requirement using defined
and unique web-application architecture - Regulatory Compliant Cloud Computing (RC3) -
which enables secure cloud-computing. The discussion aids the attendee in considering the
elements of architecture that would ensure strong security of sensitive data in the public
cloud, with emphasis toward a typical low cost budget. StrongAuth, CEO, shares the creation
and reasons for the RC3 architecture and how it is validated by customers for securing
financial and healthcare data. Visit: http://www.strongauth.com
Presenter: Arshad Noor, CTO, StrongAuth Inc.
Known for his significant experience in enterprise-scale IT architecture, cryptography and
open-source software, Arshad Noor is the designer and lead developer of StrongKey, the
industry's first open-source Symmetric Key Management System, and the StrongKey Lite
Encryption System - the industry's first appliance combining encryption, tokenization,
key-management and a cryptographic hardware module. He is a many-time author and
speaker at forums on the subject of encryption and key-management.
1-5 Session Description: Intelligent Operations, Leveraging Cloud & Virtualization Setting
Right Targets
Dave Robbins, Sr. Vice President and CIO at Ellie Mae, Inc. will share his thoughts on the
challenges that both internal IT and public facing (SaaS) technology providers face today. He will
discuss some of the changing business needs and expectations that are pressing technology
service providers to new delivery models and a greater focus on supporting core business
strategies. Finally, Mr. Robbins will share the technology journey he has been driving at Ellie
Mae and some of the results and lessons learned along the way.
Presenter: David Robbins, CIO and Sr. VP of Ellie Mae, Inc.
He joined Ellie Mae in January 2012 from a role as Vice President of Global Infrastructure with
NetApp. David led North American infrastructure services strategy for Capgemini Outsourcing.
He is a 30-year veteran of the information technology industry, having been director of
engineering services at Totality Inc. and in various leadership roles during a 15-year tenure at
Electronic Data Systems.
Session 1-6 Description: Business Risk Intelligence
With all the new regulatory focus on ensuring a comprehensive approach to managing your
Information Security program, Risk Management, and industry compliance initiatives, how do
you keep it all straight? Your budgets are not expanding, your resources are constrained, and
your leadership is perplexed by the impact of these initiatives on their organization.
Co-Presenter: Gordon Shevlin, CEO of Allgress.
He brings more than 25 years of business leadership, technical development, sales,
marketing and management experience to the company.
He previously co-founded SiegeWorks and SiegeWorks International, a digital defense
services firm. There, he grew the company from 3 to 120 employees, building a strong
international presence and managing its successful acquisition by FishNet Security, the
nation's leading provider of information security solutions that combine technology,
services, support and training. At FishNet, he served as executive vice president of sales.
Shevlin graduated from the University of Michigan.
Co-Presenter: Chris Armstrong, CISO.
He brings 18+ years of experience in information assurance and technology to Allgress. He
has a proven track record of influencing product development and strategy in response to the
demands of customers who manage information assurance, security and risk programs within
large-scale, complex, global environments. Over the course of his career, he has specialized
in information security strategy, architecture and operations; global threat management and
assurance; risk management; governance and regulatory/statutory compliance; and global
policy management and compliance. Prior to his role with Allgress, Armstrong served in
similar leadership roles with Fortune 500 companies in the hospitality, high-tech, health care, and
financial sectors. He is a Certified Information Systems Security Professional (CISSP).
Session 1-7 Executive Panel
Moderator: Eric Tan, CISA, CGEIT, CPA, Director, PwC
Eric Tan, CISA, CGEIT and CPA. Eric is a Director at PwC with over twelve years of
experience delivering IT governance and risk management solutions. Eric currently leads PwC's
cloud and internet assurance practice based in Silicon Valley.
He serves as an internal audit and compliance advisor to various leading SaaS providers in the
bay area. His experience includes leading large scale system assessments, performing risk and
security reviews; business continuity & disaster recovery diagnostics, and helping his clients
implement various compliance and control solutions.
Eric focuses on clients in the technology sector. Clients he has served include Google, eBay,
LinkedIn, Novell, Tibco, Shutterfly, and Proofpoint.
Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N).
In this role, Doug is responsible for Uptime, Performance, Security, and Compliance of the
NetSuite Service. NetSuite Operations have achieved PCI-DSS, SAS-70, SOC1,
EU-SafeHarbor, SOX, and other compliances. He is additionally responsible for the teams
within NetSuite such as: Facilities, IT, Infrastructure, Release, Network, DBA, and Systems
Administration. Previously he has been responsible for the Quality Assurance and Internal
Audit Departments. Doug has worked for NetSuite for 11+ years. Prior to NetSuite, he worked
as a Research Chemist at Henkel Corporation. He holds a Bachelor of Arts in Chemistry from
Indiana University and a Masters in Science in Chemistry from the University of Detroit-Mercy
Panelist: Douglas Barbin, Principal, BrightLine, CPA Firm, PCI QSA, ISO 27001 Registrar.
Doug is a Principal at BrightLine, responsible for all attestation, compliance and certification
services for the western United States as well as the PCI and federal (FedRAMP) compliance
practices firm-wide. After starting his career with Price Waterhouse, he spent the majority of
the technology boom building and operating information security and compliance programs
for Fortune 500 enterprises and major technology providers. Doug was previously the director
of product management for VeriSign’s managed security services business prior to its sale to
SecureWorks (now Dell). He was also the overall practice leader for VeriSign’s compliance
solutions. Doug is a licensed CPA, and maintains other certifications including CISSP, PCI QSA,
and certified fraud examiner (CFE). He was one of the first CSA Certificate of Cloud Security
Knowledge (CCSK) recipients where he is an active participant in the CSA’s Cloud Control
Matrix (CCM) and CloudAudit initiatives.
He has dual-degrees in Accounting and Administration of Justice from Penn State and an MBA
from Pepperdine.
Panelist: Doug Meier, Director, Security & Compliance at Pandora
Doug brings 20+ years experience designing and managing infrastructure, security, disaster
recovery, and compliance programs for Silicon Valley Internet companies.
Doug has designed corporate security programs, managed Exchange mail server migrations for
a globally distributed enterprise, architected and implemented regulatory compliance
programs and Disaster Recovery initiatives, and managed operations of enterprise-wide
IT services and knowledge systems.
Panelist: Ahmed Datoo, Chief Marketing Officer, Zenprise
Ahmed Datoo's experience in the technology industry spans strategic planning, brand
marketing, software engineering and product management. Prior to Zenprise, Mr. Datoo was
at EDS, where he was a global Director of Product Development. While at EDS, he built and
launched several workflow automation and monitoring automation modules that generated
multi-million dollar savings globally. Prior to EDS, Mr. Datoo was on Loudcloud's product
management team where he focused on monitoring, storage and performance networking
products. Previously, he was a brand manager at Yahoo! where he co-developed the print and
radio promotions for Yahoo! Shopping. Mr. Datoo began his career as a strategy consultant at
Accenture where he created high tech product development strategies for telcos, media
conglomerates and hardware manufacturers. Mr. Datoo holds an MBA, M.A., and B.A. from
Stanford University.
Session 2-1 Description: "Did You Want Controls With That?"
While companies attempt to achieve and maintain compliance in order to reduce or eliminate the
regulatory, statutory or industry pain of non-compliance, no one likes to chase compliance for the sake of
being compliant. The complex compliance landscape has overlapping requirements, tools and practices
and some of these are even contradictory. Every time you have to focus some of your already limited
resources on navigating through the compliance jungle, you pull further and further away from
effectively utilizing those resources to drive your organization forward. Managed services and cloud services
have matured enough to allow you to compartmentalize your compliance initiatives and leverage service
providers who are qualified to manage compliance needs on your behalf. Like any other outsourced
service, you should expect support and service levels to meet or exceed your expectations. The session will
not only focus on what to look for in a Service SLA, but it will also provide recommended best practices
for maximizing your relationship with your managed services provider so that you can refocus internal
resources on meeting overall business goals. Visit: http://www.layeredtech.com/
Presenter: Jeff Reich, Chief Risk Officer, Layered Tech, ISSA Distinguished Fellow, CRISC,
CISSP and CHS-II
Responsible for driving the company’s security and compliance services and guiding customers’ risk
mitigation efforts. With more than 30 years of experience, Reich is a well-known risk management and
security expert in the hosting market. He holds CRISC, CISSP and CHS-III certifications and is an ISSA
Distinguished Fellow. His extensive background includes successful programs that have dealt with
security policies, information security, internal controls, physical security, liaison work with local and federal
law enforcement, regulatory and audit compliance, business continuity planning, abuse and policy
enforcement management, and change control. Prior to joining Layered Tech, Reich was the chief security
officer for Rackspace Hosting, and he also held positions as vice president and chief security officer of
CheckFree and senior manager of information protection at Dell Inc.
2-2 Session Description: Looking At Cloud Strategy Through The Lens Of Value
Strategy – business imperatives, identify technical components of cloud computing in your organization
People – Anticipate a reassessment of talent needs; for example, IT will require architects with the ability
to leverage the new cloud capabilities.
Processes – Anticipate changes across the organization;
Technology – Be prepared to address internal challenges, such as data security and governance in the
cloud model, and shifting service models to the business.
Structure – Thoughtful consideration of the organizational impacts will smooth the transition to cloud
computing; for example, consider the impact that rapid and inexpensive provisioning of technology will
have on product development.
Presenter: Mike Pearl, Principal Cloud Strategy Practice and Partner with PwC.
Mike has extensive experience in helping organizations assess, design and implement strategies.
Focusing on the improvement of business and technology process, internal controls and risk management,
he is the lead technology Partner on some of PwC’s larger Technology clients and specializes in delivering
consulting services to Software and Internet companies. His work includes helping organizations with their
process, technology and security issues related to Software Digital Distribution. Specifically, he led a
web application architecture assessment project over an online software distribution application for a
global software company, identifying improvement opportunities related to the architecture and
controls over the development and operation of the application.
2-3 Session Description: Apollo Group's business vision includes delivering educational and related
business services throughout the world in various forms. One of the key solutions is a SaaS-based
offering of an educational platform. To execute on the business vision successfully we needed the following:
• Agile environment that enables Apollo to scale based on needs of the business
• Reduce time to bring new services online
• Improve the overall experience of the tenants
• Reduced risk to business
• Maintain compliance
• Global view
• Reduce the overall cost
Cloud’s value resides in on-demand resources, offering agility to bring new services on, elasticity to
scale up and down, an automated self-service model, and access to services from anyplace and
anywhere in the network. The cloud approach optimizes use of resources to drive a cost-effective solution.
Cloud initiatives are critically important to Apollo in achieving the strategic goal of having a nimble IT
infrastructure and Education Platform with a solid security backbone. The IaaS cloud delivery model
that Apollo chose is a Hybrid Cloud with Amazon being the Public Cloud Vendor. The talk goes into how
enterprise-level security can be achieved in any Public cloud as well as non-traditional and customized
ways of addressing general security requirements within public clouds from Vulnerability Assessment,
Access Management, Key Management, Database Monitoring, IDS/IPS deployment, Application
Security, Database Security, Security Monitoring, Traditional/Virtual Patching etc. We will also delve into
additional security requirements that are unique only to public cloud when it comes to addressing
security of Tenant data. Finally, the discussion will take a journey into the architectural, design, practical
implementation, selection process of CSPs, gaps and best practices found through building Apollo’s
Education Services on a Hybrid Platform (Public/Private).
Presenter: Kartik Trivedi, VP / Co-Founder at Symosis
Symosis is a high end mobile and application security advisory firm with more than a decade of
experience in providing security risk assessment, quantification, remediation and compliance management
services to Fortune 500 companies. Kartik has performed several hundred application security
assessments, code reviews, reverse engineering analysis, threat models, penetration tests, network reviews
and incident responses. He was previously the director of application security at Accuvant, Security
Manager at McAfee, security consultant at Foundstone and software development engineer at Concept
Sol. He has contributed to many security books (Hardening Code, Hacking Exposed, How to Break Web
Security) and is a regular speaker at several conferences including RSA conference, WebAppSec, OWASP
and ToorCon. Kartik has MBA and MS degrees and CISM, CISA, CISSP certifications.
Co-Presenter: Lenin Aboagye, Principal Security Architect at Apollo Group.
Responsible for overseeing all security pertaining to Apollo's Education Platform and Applications. He
is a seasoned Information Security professional with over 10 years of experience in different roles in
the security field. A sought after speaker on Cloud, Mobile and Application Security topics. His
experience in security has led him to hold different roles from security analyst, penetration tester, security
engineer and security architect roles in several high-profile organizations in Media & Television,
Education, Health, Real Estate and Energy industries. He worked as a Security consultant for Accuvant, Inc.
and was also a Senior Security Consultant with Verisign's Global Group. Contributing member of the
CSA Security-As-A-Service (SecAAS) working group and is an active participant in several other
Information Security related interests. Lenin holds a BA, and graduated top of his class with a double major
in Computer Science and Math.
Session 2-4 Description: Using COBIT 5 Process Assessment Model (PAM) and Cloud Audit
Methodology: ISACA Guidance to our Every Day activities to Assess company Services that
Extend to the Cloud
This is an introduction to the newly updated ISO/IEC 15504 compliant
COBIT 5 Process Assessment Model (PAM). This model is the basis for the assessment of an
enterprise’s IT processes against COBIT 5. The assessment model is useful for identifying the
enterprise’s current state, setting targets for desired improvement, and recognizing progress
in implementing the processes that support and enable excellence in strategic alignment,
value delivery, risk management and resource management. Use of the COBIT 5.0 Process
Assessment Model gives an evidence- and standards-based assessment of process capability.
Presenter: ISACA SF President Debra Mallette CGEIT®, CISA®, CSSBB (ASQ Certified Six
Sigma Black Belt), and Managed Change™ Master, is an early adopter of COBIT for
implementing IT Governance. Having used the COBIT 3 Maturity Model, written ISACA/ITGI’s SEI
CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and served on the COBIT 5
Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and
COBIT 5 Process Assessment Method (PAM). She has previously been a certified SEI CMMI
assessor and ISO TickIT qualified. Debra has been working with quality management systems,
systems of internal control, process performance measurement, monitoring, and
improvement programs throughout most of her career. She is an ISACA certified instructor
for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to
COBIT 5. Past President of ISACA San Francisco Chapter, for her day job, she’s an ITIL Service
Management Process Consultant Specialist in Kaiser Permanente’s 5000 person-strong IT
organization serving the largest and original Health Maintenance Organization in the United
States.
Session 2-4 Description—Part Two: Big Risk, Big Data, showing the issues in assigning
governance, risk and compliance steps to projects using "Big Data" technologies. This presentation
is an interactive discussion that is likely to spill into conversations throughout the remainder
of the day. To preview the points, view more at http://www.enterprisegrc.com/IMA_ValofData/
Presenter: ISACA SV Conference Director, Robin Basham, M.ED, M.IT, CISA, CGEIT, CRISC,
ACC, CRP, VRP, and HISP, Managing Partner, EnterpriseGRC Solutions Inc.® Over the last
decade Robin has architected more than 70 GRC programs, delivering end to end solutions with
full knowledge transfer to program owners and users. Robin is also past president for the
Association for Certified Green Technology Auditors, ACGTA, a frequent committee
contributor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as
frequent participant in Cloud Security Alliance local chapter. EnterpriseGRC Solutions is recently
added to the Cloud Credential Council and is named to the certification committee of The
Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an
active sponsor to Information Systems Audit and Control Association, ISACA®, listed as
corporate sponsor and many-time CobiT® trainer for the ITGI.
2-5 Session Description: Similarities, Benefits and Potential Drawbacks to implementing SAP
as a Hosted Solution - This session examines several common audit programs as outlined in
ISACA's Security Audit and Control Features for SAP ECC 6.0 guidance and as recommended in
general ERP compliance practice. Visit http://www.istreetsolutions.com/
Presenter: Mark Richter, President, iStreet Solutions, LLC.
Mark Richter has over 30 years’ experience helping companies improve profits and uncover
additional economic value by applying enterprise best practices and the latest in information
technology solutions. His vision is transformative and critical to creating the iStreet Services
Platform as he blends cloud and virtualization technologies, with the security considerations
demanded of dedicated platforms. His career began at Hewlett-Packard where he held
various technology and leadership positions, moved to VoIP startup Appiant Technologies
and then Ragingwire Enterprise Solutions.
Before founding iStreet Solutions in 2004 he served as business application hosting
Infrastructure Practice Director at Rapidigm, now a part of Fujitsu Consulting. Mark holds an
MBA and Bachelor of Science degree in engineering.
Session 2-6 Closing the Gap Between Security and Compliance
New technologies and the way we work are challenging the traditional controls put in place
for security. How we deploy security to maintain control and visibility has to change to keep
up. Check Point’s approach using multi-layered security can provide the necessary controls
and provide the visibility to confidently embrace these new technologies and ways of working.
Presenter: Fred Kost, Head of Product Marketing at Check Point Software Technologies
Fred brings a wealth of marketing and security experience and a passion for security. Prior to
joining Check Point, Fred was director of security marketing for Cisco where he led marketing
for the portfolio of security products and solutions. He has extensive network security
experience spanning both established industry leaders and early stage ventures. Fred has
held technology marketing and development positions with Recourse Technologies,
Symantec, nCircle and Blue Lane Technologies. He earned a Bachelor of Science in Electrical
Engineering from Purdue University and an MBA from the University of North Carolina.
Session 2-7 Panel Discussion
Session 2-7 Description: Trust Services in Cloud Based Business, Session Description:
Companies depending on SOC 1, SOC 2 and SOC 3 need to be clear in the extent of exposure
analysis and more transparent in what they commit to external reporting. This panel includes
Directors in Information Audit who have specific experience in assisting public and private
companies in selecting and achieving external reporting requirements. The session will
consider where the current standards need improvement and how new frameworks from
AICPA and ISACA can assist in filling gaps.
Moderator: Sumit Kalra, CISA, CISSP, is a Director at Burr Pilger Mayer, where he manages
the Assurance Services practice specializing in information technology, SAS70 Audits, and
assessments. His 12 years of industry experience include 6 years at international CPA firms,
and 6 years at companies in the technology, consumer products and financial services
industries. His knowledge base spans a variety of ERP solutions and complex infrastructure
implementations. Sumit has a BS in Accounting and Computer Information Systems from San
Francisco State University.
Panelist: Harshul Joshi, CISSP, CISA, CISM, Director PwC. As a Director in the security practice
with primary areas of focus in IT security and compliance based risk assessments, Harshul's
expertise includes Threat and Vulnerability modeling and security architecture. He has worked
with various compliance standards including: PCI (Payment Card Industry), Sarbanes Oxley
404, GLBA (Gramm Leach Bliley Act) and SAS 70. Harshul has
worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives
and is an internationally known speaker. Some of the sample topics he speaks on include PCI,
Wireless Security, Auditing Firewalls and Intrusion Detection, Risks of IT Outsourcing and
Offshoring and Performing IT Risk assessment from a Business stand-point. He has spoken at
various conferences in Singapore, India and the United States. He is a regular speaker at ISACA
North American Conference as well as Network Security Conference. Harshul is a Certified
Information Systems Security Professional (CISSP), Certified Information Systems Auditor
(CISA) and Certified Information Security Manager (CISM). Harshul has an MBA in International
Business and an MS in Information Systems. Prior to joining PwC, Harshul was a Director of
Technology consulting for CBIZ MHM LLC, where he headed the security practice creating and
delivering risk assessment services. He also spearheaded IT security and compliance at Sony
Corporate audit group performing compliance and audit assessments for Sony Electronics,
Sony Music and Sony Pictures. Prior to joining Sony, Harshul was a Security Architect with
Verizon / GTE.
Panelist: Jeremy Sucharski, CISA, CRISC is a Director in Armanino McKenna’s CFO Advisory
Services Practice.
Jeremy is the Governance, Risk and Compliance practice leader. Jeremy has over 12 years of
experience in audit and consulting with a strong focus on SOX, SOC audits and information
security consulting. Jeremy currently leads the Governance Risk and Compliance (GRC) and
SOC audit practices at Armanino McKenna. Prior to joining AMLLP, Jeremy worked in the
Deloitte ERS practice focusing in IT Internal Audit. Prior to Deloitte, Jeremy spent several years
with the Federal Government in various finance and IT-related positions. Throughout his
career, Jeremy has focused on assisting clients in designing processes and controls that strike the
proper balance between the need to protect a company while not being unduly onerous and
restricting their ability to innovate. Jeremy has served clients in a variety of industries including
transportation, high technology and consumer products.
Panelist: Jay Swaminathan, CISA, CPA, CRISC, Director SOAProjects, provides Internal Audit
and IT risk consultation to his clients. Jay has more than 10 years of experience in varied
industries. In his current role at SOAProjects, he specializes in implementing optimization and
process improvements for his clients in compliance and other areas. His expertise includes
in-depth knowledge of Oracle EBS, related tools and methodologies to evaluate the ERP system.
Prior to SOAProjects, Jay was with the Risk Advisory Services in Ernst & Young.
Jay was responsible for managing and executing review of IT systems as part of financial and
Sarbanes-Oxley 404 audits of major corporations like Seagate, Spansion, and Copart. Jay was
an Oracle Subject Matter Resource (SMR) at the Ernst & Young practice and instructed various
Oracle training sessions. Jay is the recent past President of the ISACA Silicon Valley chapter and
successfully led the 830-member organization, steering goals and objectives and, in collaboration
with a team of board members, executing programs for the benefit of the members. He
instructs the CISA review courses and is a regular speaker at different conferences. Jay is an
undergraduate in Management from Bangalore University.
Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N).
Brian K. Taylor, CISA, is the Sr. Director of Compliance, Systems and Tools at NetSuite Inc.
(NYSE: N). In this role, Brian is responsible for IT Compliance in such areas as SOC 1/2, SOX
ITGC, EU Safe Harbor, and PCI DSS. Brian established and grew NetSuite’s IT Compliance
practice, leading the teams that first successfully implemented and achieved SAS 70 and PCI
DSS, as well as growing and managing the SOX/Internal Audit team. Before taking on his
current responsibilities, he worked on the NetSuite Product Management team, managing
customization, scripting, administration, and integration products. He is additionally responsible
for the team within NetSuite that runs the company on the NetSuite OneWorld product, as
well as an engineering release team. Brian has worked for NetSuite for 12 years, has 10 years'
experience in IT compliance, and more than 20 years' experience in Information Technology.
Prior to NetSuite, he worked as a Compliance and Design Engineer at Lucent Technologies.
He is a Certified Information Systems Auditor (CISA) and holds a Bachelor of Arts and Science
in English and Computer Science from UC Davis and a Masters in Science in Chemistry from
the University of Detroit-Mercy.
Platinum Sponsors
Silver Sponsors
ISACA Silicon Valley has been providing IT Audit, Security, and Governance Professionals
with the training and networking opportunities they need to compete and
thrive since 1982. We are continuing this tradition at our 2012 Summer Conference,
where we offer our attendees a range of industry leaders, speaking to their wisdom
and experience in Enabling Trust through Business in the Cloud. Don’t miss our
upcoming Winter Conference, offering two full day courses that move beyond theory
to emphasize practical skills you can utilize at work or to improve your marketability.
The Conference Committee has worked hard to provide a cost effective, value
driven, high quality educational and networking experience. We tailor our events for
ISACA members as well as Bay area professionals in governance and compliance
fields. We hope we have succeeded. As always, your input is greatly appreciated,
and we strongly encourage you to fill out the Evaluation Forms at the end of each
day. You are also welcome to seek us out with any comments or suggestions you
might have to help us continually improve.
Yours Sincerely, The ISACA SV Summer Conference Committee
2012 Summer Conference Committee
Robin Basham, Conference Director
Sumit Kalra, Chapter President
Mike Jordan, Chapter Vice President
Ruchi Verma, Secretary
Robert Ikeoka, Treasurer
Greg Edwards, Membership Director
Pat Kumar, Communications Director
Dharshan Shanthamurthy, Certification Director
Naimish Anarkat, Programs Director
Larry Halme, Academic Relations Director
Jay Swaminathan, Past President
Committee Members
Please learn more about the key roles played by our volunteers. Read their bios on page 17.
Brendan Lewis - Coordinator
Bala Krishnan - Liaison
Pratul Kant - Liaison
Prasad Sanjeevaiah - Liaison
Sivakumar Natesan - Liaison, Web Support
Monica Pope - Design, flyer
Marlin Pohlman - Liaison
Mohammed Saifuddi - Marketing
Catherine Skrbina - Registration
Meet the volunteers, ISACA SV Summer Conference Committee
Members of the ISACA Silicon Valley Board of Directors put substantial personal effort into supporting the
activities of the Summer and Winter Conferences. Attendees can learn more about our Board by visiting our
website: Meet Our Board.
Brendan Lewis
Communication Coordinator, Brendan Lewis has more than 15 years of experience across IT disciplines
and currently serves in IT Governance at KLA-Tencor. He recently passed his CGEIT exam.
Bala Krishnan
Volunteer Coordinator, Bala is a Senior Management Consultant with over 10 years' experience focusing
on ERP business processes and information risk advisory services for global organizations with expertise
in the areas of IT Audit, Compliance, Controls, Data Privacy and SAP Security design/optimization. He
holds two leading certifications of Certified Information Systems Auditor (CISA) and Certified Information
Privacy Professional (CIPP/IT) and is a former Big 4 Consultant.
Pratul Kant
Liaison, Pratul is a Senior IT Infrastructure and Information Security professional with over 18 years of
experience focusing on Enterprise IT systems, IT infrastructure (including Virtualization, Cloud and SaaS
based solutions), Information Security and IT production operations. He holds a degree in Electrical
Engineering (B.Sc. Engineering), a master’s degree in Information Systems (MSIS) and an industry standard
information security certification (Certified Information Security Manager or CISM) from ISACA.
Monica Pope
Flyer support and graphic artist, Monica Pope – SharePoint Administrator and IT Compliance Specialist
at DDi. 6 years' experience with SharePoint Administration. During this time as the Intranet Project Manager for DDi I consolidated
the company’s Intranet using the SharePoint Platform. In the last 8 years, as a member of
the IT Security Group and in the role of SOX control owner of the IT Change Management, I coordinated
the IT Control Board; developed, updated and communicated IT Policies and Procedures for DDi.
Marlin Pohlman
Liaison, Chief Technology Officer at Haliphron, uniting Cloud Service Level Agreements to metrics provided
by major vendors, Marlin Pohlman is the former Chief Governance Officer of EMC. In this role he
coordinated the activities of standards based IT governance with EMC, its Security Division RSA and its
holdings in VMware and Acadia. Dr. Pohlman represents ISACA in ISO SC27 JTC1 and is the co-editor for
the 27017 Cloud Security Standard as well as a contributor and shareholder in the CAMM project. He is
a licensed engineer and holds the CSA CCSK certification, the ISC2 CISSP certification, and the ISACA
CISM, CISA, CGEIT and CRISC certifications, and is also a paralegal.
Mohammed Saifuddi
Liaison, Mohammed graduated from Texas A&M University and has been working as a Solutions
Architect at Questivity, a Data Center and IT Infrastructure Solutions provider. He is also involved in IS
Audits and aligning processes following ITILv3 best practices for Questivity customers. He is ITIL and
COBIT trained.
We also wish to acknowledge people who showed up to man the registration table and to assist with physical demands
in supporting the exhibition, with mention to Catherine Skrbina and Prasad Sanjeevaiah.
For support on the website banner, thank you, Sivakumar Natesan.
Venue Information and a note regarding Academic Relations
The 2012 Summer Conference will be held at:
Biltmore Hotel & Suites
2151 Laurelwood Road
Santa Clara, CA 95054
(408) 988-8411
Free Parking
ISACA Supports Academic Research
Academic research is the foundation of many of the breakthroughs and new theories supporting the
IT assurance, information security and IT governance professional space. ISACA is pleased to support
academic research projects by posting these descriptions of peer-reviewed research projects
underway. You are encouraged to participate in those you find of special interest or pertinence.
ISACA Silicon Valley maintains a relationship with San Jose State University.
To learn more, contact the Academic Relations Director.
A special thank you is in order to the companies
that volunteered sponsorship for local university
students. In addition to their generous conference
support, these companies also hosted student
attendance for this and future ISACA SV training
events.

2012 Summer Conference Brochure

  • 1. August 23rd & 24th - Santa Clara, California This event counts towards 14 hours of Continuing Professional Education 14 CPEs ISACA SILICON VALLEY 2012 Summer Conference Enabling Trust: Business In the Cloud Schedule August 23rd 3 Schedule August 24th 4 Day 1 Sessions and Bios 5 Day 2 Sessions and Bios 9 Sponsors 15 From the ISACA SV Board 16 About Our Committee 17 Venue Information 18 Academic Relations 18 Conference BrochureCloud Business Track- What Business has done to Enable our Trust Auditing Track- How Cloud Affects Audit Methods to Ensure & Assess Cutting Edge Business, Audit & Technology Topics 14 Sessions by Notable Industry Experts Thursday Night Networking Reception Sponsor Exhibits and Raffles http://www.isaca-sv.org
  • 2. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 2 Program Day One -Thursday, 23 August 2012 Time Event / Topic Speaker 8:00 AM Registration, Networking & Coffee, 8:45 AM Welcome Message from the ISACA SV President and The ISACA SV Board Sumit Kalra, Robin Basham The ISACA Board 9:00 AM Keynote: Session 1-1: Our Responsibility in the New Cloud Economy Wolfgang Kandek CTO - Qualys, Inc. 9:30 AM Session 1-2 : The Boundaries of Business When Your Business is SaaS. How to Design Software Users Love (Kevin Hale is the Founder of WuFoo, recently acquired by Sur- vey Monkey.) Kevin Hale Sr Product Manager SurveyMonkey 10:30 AM Session 1-3 : Building And Maintaining Trust In An Increasingly Social And Mobile Environment Bill Ender Director, Consulting Practice - EMC Consulting 11:30 AM Lunch and Networking - Enjoy time with Conference Sponsors 12:30 PM Session 1-4: Rethinking Web-Application architecture for the Cloud Arshad Noor CTO - StrongAuth, Inc. 1:30 PM Session 1-5: Intelligent Operations, Leveraging Cloud & Virtualization - Setting The Right Operational Targets David Robbins CIO - Ellie Mae, Inc. 2:30 PM Session 1-6: Business Risk Intelligence - Information Security Management, Risk Management, and Industry Compliance Initiatives - how do you keep it all straight Gordon Shevlin CEO - Allgress Chris Armstrong, CISO - Allgress 3:30 PM Break 3:45 PM Session 1-7: Executive Panel Discussion - Moderator: Eric Tan, PwC Enterprise Systems - The Secret to Their Success • Ahmed Datoo, CMO - Zenprise • Douglas Barbin, Principal, BrightLine • Douglas A. Brown, Sr. VP of Eng Operations, NetSuite, Inc. • Doug Meier, Director Security & Compliance, Pandora 5:15 PM Sponsors Exhibit, Networking & Reception (until 7:30 PM) Cloud Business Track- What Business has done to Enable our Trust
  • 3. Program Day Two - Friday, 24 August 2012. Auditing Track - How Cloud Affects Audit Methods to Ensure and Assess.
8:00 AM - Networking & Coffee
8:30 AM - Message from the ISACA SV President (Sumit Kalra, Robin Basham, The ISACA Board)
8:45 AM - Session 2-1: “Did you want controls with that?” Model for IT Assurance as a Service – The Emergence of Controls in Infrastructure as a Service SLA (Jeff Reich, CRO - Layered Tech)
9:30 AM - Session 2-2: Big Business Big Risk, How We Measure a Secure Enterprise (Mike Pearl, Principal, Cloud Strategy Practice, and Partner - PwC)
10:30 AM - Session 2-3: Building Enterprise Level Security into Public Clouds (Kartik Trivedi, VP / Co-Founder at Symosis; Lenin Aboagye, Apollo Group, Inc.)
11:30 AM - Lunch and Networking - Enjoy time with Conference Sponsors
12:30 PM - Session 2-4: Using COBIT 5 Process Assessment Model (PAM), Followed by “Applying ISACA Guidance to Understanding the Value of Our Data, Big Risk—Big Data” (Debra Mallette, ISACA SF Past President; Robin Basham, ISACA SV Conference Dir, CEO, EnterpriseGRC Solutions Inc.)
1:30 PM - Session 2-5: Benefits and Potential Drawbacks to implementing SAP as a Hosted Solution. How ERP Controls are Same and Different when Serviced In the Cloud (Mark Richter, President, iStreet Solutions, LLC)
2:30 PM - Session 2-6: Closing the Gap Between Security and Compliance (Fred Kost, Head of Product Marketing, Check Point Software Technologies)
3:30 PM - Break
3:45 PM - Session 2-7 Panel Discussion - Moderator: Sumit Kalra, Director at Burr Pilger Mayer Trust Services in Cloud Based Business, Session Description. Panelists: Jay Swaminathan, Director SOAProjects; Harshul Joshi, Director PwC; Jeremy Sucharski, Dir Armanino McKenna, CFO Advisory Services Practice; Brian K. Taylor, Sr. Dir of Compliance, Systems and Tools at NetSuite Inc.
5:15 PM - Sponsor Raffles and Conference Closing Remarks
  • 4. Session 1-1 Description: Responsibility in the New Cloud Economy. Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog. When we asked who might speak to “Responsibility in the New Cloud Economy” Wolfgang’s leadership at Qualys seemed the perfect fit.
Presenter: Wolfgang Kandek, CTO - Qualys. Wolfgang is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany. Visit: http://www.qualys.com
Session 1-2 Description: The Boundaries of Business When Your Business is SaaS – How to Design Software Users Love (Open your mind to business without walls.) There's been a paradigm shift in business over the last 20 years. Users and customers want a relationship. They want to fall in love. When it comes to software and the Internet, you don't have the benefits and reminders of face to face interactions, so it's easy to forget how a little love goes a long way. This session shares the story of Wufoo and also looks at how companies and their products are wooing their users, keeping the romance alive and sustaining lasting relationships that turn out to make for profitable returns.
Presenter: Kevin Hale, Senior Product Manager - SurveyMonkey. Kevin is the Co-founder of Infinity Box Inc, a Y Combinator seeded company that built Wufoo, an online form builder, ranked by Jakob Nielsen as one of the best application UIs of 2008. After selling Wufoo to SurveyMonkey for 35 million dollars in 2011, Kevin is now Senior Product Manager responsible for safeguarding and enhancing the user experience of SurveyMonkey's products. The conference feedback forms have been supplied for free by the brilliant engineers and generous founders of Wufoo. Visit: http://www.wufoo.com
  • 5. Session 1-3 Description: Building and Maintaining Trust in an Increasingly Social and Mobile Environment: How do we protect information in a universe increasingly dominated by services (Facebook, Google+, LinkedIn, etc.) and devices (smartphones, iPads, etc.) designed to make information transparent and portable?
Presenter: Bill Ender, Director, Consulting Practice – EMC Consulting. Bill is EMC's GRC Evangelist. Prior to joining EMC, Bill was Senior VP of Corporate Information Security for Wells Fargo Bank (2003-2010), where he led the creation, implementation and maintenance of the Information Security Management Program, policy, controls, regulatory compliance, training and awareness, reporting and support for Line of Business executives and the company's 150+ Information Security Officer community. At Wells Fargo, he developed and maintained strong relationships with key business leaders, Chief Risk Officers, Internal Audit, Corporate Security, Technology Operations, vendors, service providers, and external industry consortia and agencies. He also led the implementation of solutions for automated policy and incident management, control testing, and reporting; promoted integration of Information Security-specific tools into the Corporate Enterprise Risk Management Reporting Dashboard; and championed a common process/architecture model for all Operational Risk Management disciplines.
Bill's professional career prior to joining Wells Fargo included roles as Chief Technology Officer for a large, Arizona-based Managed IT Services and Application Hosting company; Cofounder and Chief Technology Officer for an industry-leading software development and professional services company in the areas of Identity and Access Management and Secure Web Portals; and 12 years in various Information Technology Operations and Research & Development roles with several divisions of Motorola, Inc., where he led multiple teams in the design and deployment of secure network infrastructure, business process automation, and communication and collaboration tools to support a global community of employees, contractors, customers and partners.
Session 1-4 Description: Rethinking Web-Application architecture for the Cloud. This session reveals how StrongAuth solves a common business requirement using a defined and unique web-application architecture - Regulatory Compliant Cloud Computing (RC3) - which enables secure cloud computing. The discussion aids the attendee in considering the elements of architecture that would ensure strong security of sensitive data in the public cloud, with emphasis toward a typical low-cost budget. StrongAuth's CEO shares the creation and reasons for the RC3 architecture and how it is validated by customers for securing financial and healthcare data. Visit: http://www.strongauth.com
Presenter: Arshad Noor, CTO, StrongAuth Inc. Known for his significant experience in enterprise-scale IT architecture, cryptography and open-source software, Arshad Noor is the designer and lead developer of StrongKey, the industry's first open-source Symmetric Key Management System, and the StrongKey Lite Encryption System - the industry's first appliance combining encryption, tokenization, key-management and a cryptographic hardware module. He is a many-time author and speaker at forums on the subject of encryption and key-management.
  • 6. 1-5 Session Description: Intelligent Operations, Leveraging Cloud & Virtualization Setting Right Targets. Dave Robbins, Sr. Vice President and CIO at Ellie Mae, Inc. will share his thoughts on the challenges that both internal IT and public facing (SaaS) technology providers face today. He will discuss some of the changing business needs and expectations that are pressing technology service providers to new delivery models and a greater focus on supporting core business strategies. Finally, Mr. Robbins will share the technology journey he has been driving at Ellie Mae and some of the results and lessons learned along the way.
Presenter: David Robbins, CIO and Sr. VP of Ellie Mae, Inc. David joined Ellie Mae in January 2012 from a role as Vice President of Global Infrastructure with NetApp. David led North American infrastructure services strategy for Capgemini Outsourcing. He is a 30-year veteran of the information technology industry, having been director of engineering services at Totality Inc. and in various leadership roles during a 15-year tenure at Electronic Data Systems.
Session 1-6 Description: Business Risk Intelligence. With all the new regulatory focus on ensuring a comprehensive approach to managing your Information Security program, Risk Management, and industry compliance initiatives, how do you keep it all straight? Your budgets are not expanding, your resources are constrained, and your leadership is perplexed by the impact of these initiatives on their organization.
Co-Presenter: Gordon Shevlin, CEO of Allgress. He brings more than 25 years of business leadership, technical development, sales, marketing and management experience to the company. He previously co-founded SiegeWorks and SiegeWorks International, a digital defense services firm. There, he grew the company from 3 to 120 employees, building a strong international presence and managing its successful acquisition by FishNet Security, the nation's leading provider of information security solutions that combine technology, services, support and training. At FishNet, he served as executive vice president of sales. Shevlin graduated from the University of Michigan.
Co-Presenter: Chris Armstrong, CISO. He brings 18+ years of experience in information assurance and technology to Allgress. He has a proven track record of influencing product development and strategy in response to the demands of customers who manage information assurance, security and risk programs within large-scale, complex, global environments. Over the course of his career, he has specialized in information security strategy, architecture and operations; global threat management and assurance; risk management; governance and regulatory/statutory compliance; and global policy management and compliance. Prior to his role with Allgress, Armstrong served in similar leadership roles with Fortune 500 companies in the hospitality, high-tech, health care, and financial sectors. He is a Certified Information Systems Security Professional (CISSP).
  • 7. Session 1-7 Executive Panel
Moderator: Eric Tan, CISA, CGEIT, CPA, Director, PwC. Eric is a Director at PwC with over twelve years of experience delivering IT governance and risk management solutions. Eric currently leads PwC's cloud and internet assurance practice based in Silicon Valley. He serves as an internal audit and compliance advisor to various leading SaaS providers in the Bay Area. His experience includes leading large scale system assessments, performing risk and security reviews, business continuity & disaster recovery diagnostics, and helping his clients implement various compliance and control solutions. Eric focuses on clients in the technology sector. Clients he has served include Google, eBay, LinkedIn, Novell, Tibco, Shutterfly, and Proofpoint.
Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N). In this role, Doug is responsible for Uptime, Performance, Security, and Compliance of the NetSuite Service. NetSuite Operations have achieved PCI-DSS, SAS-70, SOC1, EU-SafeHarbor, SOX, and other compliances. He is additionally responsible for the teams within NetSuite such as Facilities, IT, Infrastructure, Release, Network, DBA, and Systems Administration. Previously he has been responsible for the Quality Assurance and Internal Audit Departments. Doug has worked for NetSuite for 11+ years. Prior to NetSuite, he worked as a Research Chemist at Henkel Corporation. He holds a Bachelor of Arts in Chemistry from Indiana University and a Masters in Science in Chemistry from the University of Detroit-Mercy.
Panelist: Douglas Barbin, Principal, BrightLine, CPA Firm, PCI QSA, ISO 27001 Registrar. Doug is a Principal at BrightLine, responsible for all attestation, compliance and certification services for the western United States as well as the PCI and federal (FedRAMP) compliance practices firm-wide. After starting his career with Price Waterhouse, he spent the majority of the technology boom building and operating information security and compliance programs for Fortune 500 enterprises and major technology providers. Doug was previously the director of product management for VeriSign’s managed security services business prior to its sale to SecureWorks (now Dell). He was also the overall practice leader for VeriSign’s compliance solutions. Doug is a licensed CPA, and maintains other certifications including CISSP, PCI QSA, and certified fraud examiner (CFE). He was one of the first CSA Certificate of Cloud Security Knowledge (CCSK) recipients and is an active participant in the CSA’s Cloud Control Matrix (CCM) and CloudAudit initiatives. He has dual degrees in Accounting and Administration of Justice from Penn State and an MBA from Pepperdine.
  • 8. Session 1-7 Executive Panel
Panelist: Doug Meier, Director, Security & Compliance at Pandora. Doug brings 20+ years experience designing and managing infrastructure, security, disaster recovery, and compliance programs for Silicon Valley Internet companies. Doug has designed corporate security programs, managed Exchange mail server migrations for a globally distributed enterprise, architected and implemented regulatory compliance programs and Disaster Recovery initiatives, and managed operations of enterprise-wide IT services and knowledge systems.
Panelist: Ahmed Datoo, Chief Marketing Officer, Zenprise. Ahmed Datoo's experience in the technology industry spans strategic planning, brand marketing, software engineering and product management. Prior to Zenprise, Mr. Datoo was at EDS, where he was a global Director of Product Development. While at EDS, he built and launched several workflow automation and monitoring automation modules that generated multi-million dollar savings globally. Prior to EDS, Mr. Datoo was on Loudcloud's product management team where he focused on monitoring, storage and performance networking products. Previously, he was a brand manager at Yahoo! where he co-developed the print and radio promotions for Yahoo! Shopping. Mr. Datoo began his career as a strategy consultant at Accenture where he created high tech product development strategies for telcos, media conglomerates and hardware manufacturers. Mr. Datoo holds an MBA, M.A., and B.A. from Stanford University.
  • 9. Session 2-1 Description: "Did You Want Controls With That?" While companies attempt to achieve and maintain compliance in order to reduce or eliminate the regulatory, statutory or industry pain of non-compliance, no one likes to chase compliance for the sake of being compliant. The complex compliance landscape has overlapping requirements, tools and practices and some of these are even contradictory. Every time you have to focus some of your already limited resources on navigating through the compliance jungle, you pull further and further away from effectively utilizing those resources to drive your organization forward. Managed services and cloud services have matured enough to allow you to compartmentalize your compliance initiatives and leverage service providers who are qualified to manage compliance needs on your behalf. Like any other outsourced service, you should expect support and service levels to meet or exceed your expectations. The session will not only focus on what to look for in a Service SLA, but it will also provide recommended best practices for maximizing your relationship with your managed services provider so that you can refocus internal resources on meeting overall business goals. Visit: http://www.layeredtech.com/
Presenter: Jeff Reich, Chief Risk Officer, Layered Tech, ISSA Distinguished Fellow, CRISC, CISSP and CHS-II. Responsible for driving the company’s security and compliance services and guiding customers’ risk mitigation efforts. With more than 30 years of experience, Reich is a well-known risk management and security expert in the hosting market. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow. His extensive background includes successful programs that have dealt with security policies, information security, internal controls, physical security, liaison work with local and federal law enforcement, regulatory and audit compliance, business continuity planning, abuse and policy enforcement management, and change control. Prior to joining Layered Tech, Reich was the chief security officer for Rackspace Hosting, and he also held positions as vice president and chief security officer of CheckFree and senior manager of information protection at Dell Inc.
2-2 Session Description: Looking At Cloud Strategy Through The Lens Of Value
Strategy – business imperatives, identify technical components of cloud computing in your organization
People – Anticipate a reassessment of talent needs; for example, IT will require architects with the ability to leverage the new cloud capabilities.
Processes – Anticipate changes across the organization;
Technology – Be prepared to address internal challenges, such as data security and governance in the cloud model, and shifting service models to the business.
Structure – Thoughtful consideration of the organizational impacts will smooth the transition to cloud computing; for example, consider the impact that rapid and inexpensive provisioning of technology will have on product development.
Presenter: Mike Pearl, Principal Cloud Strategy Practice and Partner with PwC. Mike has extensive experience in helping organizations assess, design and implement strategies. Focusing on the improvement of business and technology process, internal controls and risk management, he is the lead technology Partner on some of PwC’s larger Technology clients and specializes in delivering consulting services to Software and Internet companies. His work includes helping organizations with their process, technology and security issues related to Software Digital Distribution. Specifically, he led a web application architecture assessment project over an online software distribution application for a global software company, identifying improvement opportunities related to the architecture and controls over the development and operation of the application.
  • 10. 2-3 Session Description: Apollo Group's business vision includes delivering educational and related business services throughout the world in various forms. One of the key solutions is a SaaS-based offering of an educational platform. To execute on the business vision successfully we needed the following:
• Agile environment that enables Apollo to scale based on needs of the business
• Reduce time to bring new services online
• Improve the overall experience of the tenants
• Reduced risk to business
• Maintain compliance
• Global view
• Reduce the overall cost
Cloud’s value resides in on-demand resources, offering agility to bring new services on, elasticity to scale up and down, an automated self-service model, and access to services from anyplace and anywhere in the network. The cloud approach optimizes use of resources to drive a cost-effective solution. Cloud initiatives are critically important to Apollo in achieving the strategic goal of having a nimble IT infrastructure and Education Platform with a solid security backbone. The IaaS cloud delivery model that Apollo chose is a Hybrid Cloud with Amazon being the Public Cloud Vendor. The talk goes into how enterprise-level security can be achieved in any Public cloud as well as non-traditional and customized ways of addressing general security requirements within public clouds, from Vulnerability Assessment, Access Management, Key Management, Database Monitoring, IDS/IPS deployment, Application Security, Database Security, Security Monitoring, Traditional/Virtual Patching etc. We will also delve into additional security requirements that are unique only to public cloud when it comes to addressing security of Tenant data. Finally, the discussion will take a journey into the architectural, design, practical implementation, selection process of CSPs, gaps and best practices found through building Apollo’s Education Services on a Hybrid Platform (Public/Private).
Presenter: Kartik Trivedi, VP / Co-Founder at Symosis. Symosis is a high-end mobile and application security advisory firm with more than a decade of experience in providing security risk assessment, quantification, remediation and compliance management services to Fortune 500 companies. Kartik has performed several hundred application security assessments, code reviews, reverse engineering analysis, threat models, penetration tests, network reviews and incident responses. He was previously the director of application security at Accuvant, Security Manager at McAfee, security consultant at Foundstone and software development engineer at Concept Sol. He has contributed to many security books (hardening code, hacking exposed, how to break web security) and is a regular speaker at several conferences including RSA conference, WebAppSec, OWASP and ToorCon. Kartik has MBA and MS degrees and CISM, CISA, CISSP certifications.
Co-Presenter: Lenin Aboagye, Principal Security Architect at Apollo Group. Responsible for overseeing all security pertaining to Apollo's Education Platform and Applications. He is a seasoned Information Security professional with over 10 years of experience in different roles in the security field. A sought after speaker on Cloud, Mobile and Application Security topics. His experience in security has led him to hold different roles from security analyst, penetration tester, security engineer and security architect roles in several high-profile organizations in Media & Television, Education, Health, Real Estate and Energy industries. He worked as a Security consultant for Accuvant, Inc. and was also a Senior Security Consultant with Verisign's Global Group. He is a contributing member of the CSA Security-As-A-Service (SecAAS) working group and is an active participant in several other Information Security related interests. Lenin holds a BA, and graduated top of his class with a double major in Computer Science and Math.
  • 11. Session 2-4 Description: Using COBIT 5 Process Assessment Model (PAM) and Cloud Audit Methodology: ISACA Guidance to our Every Day activities to Assess company Services that Extend to the Cloud. This is an introduction to the newly updated ISO/IEC 15504 compliant, COBIT 5 Process Assessment Model (PAM). This model is the basis for the assessment of an enterprise’s IT processes against COBIT 5. The assessment model is useful for identifying the enterprise’s current state, setting targets for desired improvement, and recognizing progress in implementing the processes that support and enable excellence in strategic alignment, value delivery, risk management and resource management. Use of the COBIT 5.0 Process Assessment Model gives an evidence- and standards-based assessment of process capability.
Presenter: ISACA SF President Debra Mallette, CGEIT®, CISA®, CSSBB (ASQ Certified Six Sigma Black Belt), and Managed Change™ Master, is an early adopter of COBIT for implementing IT Governance. Having used the COBIT 3 Maturity Model, written ISACA/ITGI’s SEI CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and serving on the COBIT 5 Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and COBIT 5 Process Assessment Method (PAM). She has previously been a certified SEI CMMI assessor and ISO TickIT qualified. Debra has been working with quality management systems, systems of internal control, process performance measurement, monitoring, and improvement programs throughout most of her career. She is an ISACA certified instructor for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to COBIT 5. A Past President of ISACA San Francisco Chapter, for her day job she’s an ITIL Service Management Process Consultant Specialist in Kaiser Permanente’s 5000 person-strong IT organization serving the largest and original Health Maintenance Organization in the United States.
Session 2-4 Description, Part Two: Big Risk, Big Data, showing the issues in assigning governance, risk and compliance steps to projects using "Big Data" technologies. This presentation is an interactive discussion that is likely to spill into conversations throughout the remainder of the day. To preview the points, view more at http://www.enterprisegrc.com/IMA_ValofData/
Presenter: ISACA SV Conference Director, Robin Basham, M.ED, M.IT, CISA, CGEIT, CRISC, ACC, CRP, VRP, and HISP, Managing Partner, EnterpriseGRC Solutions Inc.® Over the last decade Robin has architected more than 70 GRC programs, delivering end to end solutions with full knowledge transfer to program owners and users. Robin is also past president for the Association for Certified Green Technology Auditors, ACGTA, a frequent committee contributor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as frequent participant in Cloud Security Alliance local chapter. EnterpriseGRC Solutions was recently added to the Cloud Credential Council and is named to the certification committee of The Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an active sponsor to Information Systems Audit and Control Association, ISACA®, listed as corporate sponsor and many-time CobiT® trainer for the ITGI.
  • 12. 2-5 Session Description: Similarities, Benefits and Potential Drawbacks to implementing SAP as a Hosted Solution - This session examines several common audit programs as outlined in ISACA's Security Audit and Control Features for SAP ECC 6.0 guidance and as recommended in general ERP compliance practice. Visit http://www.istreetsolutions.com/
Presenter: Mark Richter, President, iStreet Solutions, LLC. Mark Richter has over 30 years’ experience helping companies improve profits and uncover additional economic value by applying enterprise best practices and the latest in information technology solutions. His vision is transformative and critical to creating the iStreet Services Platform as he blends cloud and virtualization technologies with the security considerations demanded of dedicated platforms. His career began at Hewlett-Packard where he held various technology and leadership positions, moved to VoIP startup Appiant Technologies and then Ragingwire Enterprise Solutions. Before founding iStreet Solutions in 2004 he served as business application hosting Infrastructure Practice Director at Rapidigm, now a part of Fujitsu Consulting. Mark holds an MBA and Bachelor of Science degree in engineering.
Session 2-6: Closing the Gap Between Security and Compliance. New technologies and the way we work are challenging the traditional controls put in place for security. How we deploy security to maintain control and visibility has to change to keep up. Check Point’s approach using multi-layered security can provide the necessary controls and provide the visibility to confidently embrace these new technologies and ways of working.
Presenter: Fred Kost, Head of Product Marketing at Check Point Software Technologies. Fred brings a wealth of marketing and security experience and a passion for security. Prior to joining Check Point, Fred was director of security marketing for Cisco where he led marketing for the portfolio of security products and solutions. He has extensive network security experience spanning both established industry leaders and early stage ventures. Fred has held technology marketing and development positions with Recourse Technologies, Symantec, nCircle and Blue Lane Technologies. He earned a Bachelor of Science in Electrical Engineering from Purdue University and an MBA from the University of North Carolina.
  • 13. Session 2-7 Panel Discussion
Session 2-7 Description: Trust Services in Cloud Based Business. Companies depending on SOC 1, SOC 2 and SOC 3 need to be clear in the extent of exposure analysis and more transparent in what they commit to external reporting. This panel includes Directors in Information Audit who have specific experience in assisting public and private companies in selecting and achieving external reporting requirements. The session will consider where the current standards need improvement and how new frameworks from AICPA and ISACA can assist in filling gaps.
Moderator: Sumit Kalra, CISA, CISSP, is a Director at Burr Pilger Mayer, where he manages the Assurance Services practice specializing in information technology, SAS70 Audits, and assessments. His 12 years of industry experience include 6 years at international CPA firms, and 6 years at companies in the technology, consumer products and financial services industries. His knowledge base spans a variety of ERP solutions and complex infrastructure implementations. Sumit has a BS in Accounting and Computer Information Systems from San Francisco State University.
Panelist: Harshul Joshi, CISSP, CISA, CISM, Director PwC. As a Director in the security practice with primary areas of focus in IT security and compliance based risk assessments, Harshul's expertise includes Threat and Vulnerability modeling and security architecture. He has worked with various compliance standards including: PCI (Payment Card Industry), Sarbanes Oxley 404, GLBA (Gramm Leach Bliley Act) and SAS 70. Harshul has worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives and is an internationally known speaker. Some of the sample topics he speaks on include PCI, Wireless Security, Auditing Firewalls and Intrusion Detection, Risks of IT Outsourcing and Offshoring and Performing IT Risk assessment from a Business stand-point. He has spoken at various conferences in Singapore, India and in the United States. He is a regular speaker at ISACA North American Conference as well as Network Security Conference. Harshul is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). Harshul has an MBA in International Business and an MS in Information Systems. Prior to joining PwC, Harshul was a Director of Technology consulting for CBIZ MHM LLC, where he headed the security practice creating and delivering risk assessment services. He also spearheaded IT security and compliance at Sony Corporate audit group performing compliance and audit assessments for Sony Electronics, Sony Music and Sony Pictures. Prior to joining Sony, Harshul was a Security Architect with Verizon / GTE.
  • 14. Panelist: Jeremy Sucharski, CISA, CRISC, is a Director in Armanino McKenna’s CFO Advisory Services Practice. Jeremy is the Governance, Risk and Compliance practice leader. Jeremy has over 12 years of experience in audit and consulting with a strong focus on SOX, SOC audits and information security consulting. Jeremy currently leads the Governance Risk and Compliance (GRC) and SOC audit practices at Armanino McKenna. Prior to joining AMLLP, Jeremy worked in the Deloitte ERS practice focusing on IT Internal Audit. Prior to Deloitte, Jeremy spent several years with the Federal Government in various finance and IT-related positions. Throughout his career, Jeremy has focused on assisting clients in designing processes and controls that strike the proper balance between the need to protect a company while not being unduly onerous and restricting their ability to innovate. Jeremy has served clients in a variety of industries including transportation, high technology and consumer products.
    Panelist: Jay Swaminathan, CISA, CPA, CRISC, Director SOAProjects, provides Internal Audit and IT risk consultation to his clients. Jay has more than 10 years of experience in varied industries. In his current role at SOAProjects, he specializes in implementing optimization and process improvements for his clients in compliance and other areas. His expertise includes in-depth knowledge of Oracle EBS and related tools and methodologies to evaluate the ERP system. Prior to SOAProjects, Jay was with the Risk Advisory Services in Ernst & Young. Jay was responsible for managing and executing reviews of IT systems as part of financial and Sarbanes-Oxley 404 audits of major corporations like Seagate, Spansion, and Copart. Jay was an Oracle Subject Matter Resource (SMR) at the Ernst & Young practice and instructed various Oracle training sessions. Jay is the recent past President of the ISACA Silicon Valley chapter and successfully led the 830-member organization, steering goals and objectives and, in collaboration with a team of board members, executing programs for the benefit of the members. He instructs the CISA review courses and is a regular speaker at different conferences. Jay is an undergraduate in Management from Bangalore University.
    Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N).
    Brian K. Taylor, CISA, is the Sr. Director of Compliance, Systems and Tools at NetSuite Inc. (NYSE: N). In this role, Brian is responsible for IT Compliance in such areas as SOC 1/2, SOX ITGC, EU Safe Harbor, and PCI DSS. Brian established and grew NetSuite’s IT Compliance practice, leading the teams that first successfully implemented and achieved SAS 70 and PCI DSS, as well as growing and managing the SOX/Internal Audit team. Before taking on his current responsibilities, he worked on the NetSuite Product Management team, managing customization, scripting, administration, and integration products. He is additionally responsible for the team within NetSuite that runs the company on the NetSuite OneWorld product, as well as an engineering release team. Brian has worked for NetSuite for 12 years, has 10 years of experience in IT compliance, and more than 20 years of experience in Information Technology. Prior to NetSuite, he worked as a Compliance and Design Engineer at Lucent Technologies. He is a Certified Information Systems Auditor (CISA) and holds a Bachelor of Arts and Science in English and Computer Science from UC Davis and a Masters in Science in Chemistry from the University of Detroit-Mercy.
  • 15. Platinum Sponsors
    Silver Sponsors
  • 16. ISACA Silicon Valley has been providing IT Audit, Security, and Governance Professionals with the training and networking opportunities they need to compete and thrive since 1982. We are continuing this tradition at our 2012 Summer Conference, where we offer our attendees a range of industry leaders, speaking to their wisdom and experience in Enabling Trust through Business in the Cloud. Don’t miss our upcoming Winter Conference, offering two full day courses that move beyond theory to emphasize practical skills you can utilize at work or to improve your marketability.
    The Conference Committee has worked hard to provide a cost effective, value driven, high quality educational and networking experience. We tailor our events for ISACA members as well as Bay Area professionals in governance and compliance fields. We hope we have succeeded. As always, your input is greatly appreciated, and we strongly encourage you to fill out the Evaluation Forms at the end of each day. You are also welcome to seek us out with any comments or suggestions you might have to help us continually improve.
    Yours Sincerely,
    The ISACA SV Summer Conference Committee
    2012 Summer Conference Committee
    Robin Basham, Conference Director
    Sumit Kalra, Chapter President
    Mike Jordan, Chapter Vice President
    Ruchi Verma, Secretary
    Robert Ikeoka, Treasurer
    Greg Edwards, Membership Director
    Pat Kumar, Communications Director
    Dharshan Shanthamurthy, Certification Director
    Naimish Anarkat, Programs Director
    Larry Halme, Academic Relations Director
    Jay Swaminathan, Past President
    Please learn more about the key roles played by our volunteers. Read their bios on page 17.
    Committee Members
    Brendan Lewis - Coordinator
    Bala Krishnan - Liaison
    Pratul Kant - Liaison
    Prasad Sanjeevaiah - Liaison
    Sivakumar Natesan - Liaison, Web Support
    Monica Pope - Design, flyer
    Marlin Pohlman - Liaison
    Mohammed Saifuddi - Marketing
    Catherine Skrbina - Registration
  • 17. Meet the volunteers, ISACA SV Summer Conference Committee
    Members of the ISACA Silicon Valley Board of Directors put substantial personal effort into supporting the activities of the Summer and Winter Conference. Attendees can learn more about our Board by visiting our website: Meet Our Board
    Brendan Lewis
    Communication Coordinator, Brendan Lewis has more than 15 years of experience across IT disciplines and currently serves in IT Governance at KLA-Tencor. He recently passed his CGEIT exam.
    Bala Krishnan
    Volunteer Coordinator, Bala is a Senior Management Consultant with over 10 years of experience focusing on ERP business processes and information risk advisory services for global organizations, with expertise in the areas of IT Audit, Compliance, Controls, Data Privacy and SAP Security design/optimization. He holds two leading certifications, Certified Information Systems Auditor (CISA) and Certified Information Privacy Professional (CIPP/IT), and is a former Big 4 Consultant.
    Pratul Kant
    Liaison, Pratul is a Senior IT Infrastructure and Information Security professional with over 18 years of experience focusing on Enterprise IT systems, IT infrastructure (including Virtualization, Cloud and SaaS based solutions), Information Security and IT production operations. He holds a degree in Electrical Engineering (B.Sc. Engineering), a master’s degree in Information Systems (MSIS) and an industry standard information security certification (Certified Information Security Manager or CISM) from ISACA.
    Monica Pope
    Flyer support and graphic artist, Monica Pope – SharePoint Administrator and IT Compliance Specialist at DDi. 6 years experience with SharePoint Administration. During this time as the Intranet Project Manager for DDi I consolidated the company’s Intranet using the SharePoint Platform. In the last 8 years, as a member of the IT Security Group and in the role of SOX control owner of the IT Change Management, I coordinated the IT Control Board; developed, updated and communicated IT Policies and Procedures for DDi.
    Marlin Pohlman
    Liaison, Chief Technology Officer at Haliphron, uniting Cloud Service Level Agreements to metrics provided by major vendors. Marlin Pohlman is the former Chief Governance Officer of EMC. In this role he coordinated the activities of standards based IT governance with EMC, its Security Division RSA and its holdings in VMware and Acadia. Dr. Pohlman represents ISACA in ISO SC27 JTC1 and is the co-editor for the 27017 Cloud Security Standard as well as a contributor and shareholder in the CAMM project. He is a licensed engineer, holds the CSA CCSK certification, the ISC2 CISSP certification and the ISACA CISM, CISA, CGEIT and CRISC certifications, and is also a paralegal.
    Mohammed Saifuddi
    Liaison, Mohammed graduated from Texas A&M University and has been working as a Solutions Architect at Questivity, a Data Center and IT Infrastructure Solutions provider. He is also involved in IS Audits and aligning processes following ITILv3 best practices for Questivity customers. He is ITIL and COBIT trained.
    We also wish to acknowledge people who showed up to man the registration table and to assist with physical demands in supporting the exhibition, with mention to Catherine Skrbina and Prasad Sanjeevaiah. For support on the website banner, thank you, Sivakumar Natesan.
  • 18. Venue Information and a note regarding Academic Relations
    The 2012 Summer Conference will be held at:
    Biltmore Hotel & Suites
    2151 Laurelwood Road
    Santa Clara, CA 95054
    (408) 988-8411
    Free Parking
    ISACA Supports Academic Research
    Academic research is the foundation of many of the breakthroughs and new theories supporting the IT assurance, information security and IT governance professional space. ISACA is pleased to support academic research projects by posting these descriptions of peer-reviewed research projects underway. You are encouraged to participate in those you find of special interest or pertinence. ISACA Silicon Valley maintains a relationship with San Jose State University. To learn more, contact the Academic Relations Director.
    A special thank you is in order to the companies that volunteered sponsorship for local university students. In addition to their generous conference support, these companies also hosted student attendance for this and future ISACA SV training events.