ISACA-SV Summer Conference 2012 Event
August 23rd & 24th, 2012
Enabling Trust: Business In the Cloud

For the most up to date conference information - please visit http://www.isaca-sv.org

The ISACA Silicon Valley Chapter invites you to our 2012 Summer Conference, “Enabling Trust: Business in The Cloud”, August 23rd and 24th at the Biltmore in Santa Clara (2151 Laurelwood Road, Santa Clara).

We invite you to join in this well recognized event that counts towards 16 Continuing Professional Education or CPE credits. Learn strategies that extend presenter's wisdom to our real needs in keeping Bay Area companies both competitive and safe. Take this valuable opportunity to network with Silicon Valley Bay Area Information Systems Audit, Information Security, and Compliance Professionals.

Thursday, August 23

Cloud Business Track- What Business has done to Enable our Trust
This day will include: Breakfast Networking and Registration, Keynote Address and Presentations, Luncheon, Panels, Sponsor Exhibition and Networking Reception

Friday, August 24

Auditing Track - How Cloud Impacts Audit Methods to Ensure and Assess Business and Auditor Perspectives
This day will include: Breakfast Networking and Registration, Keynote Address and Presentations, Luncheon, Panels, Sponsor Exhibition and Raffle

Pricing:

Early Bird Member* $175
Early Bird Non-Member* $225
Early Bird Student* $150
Registration after August 1st
Member $225
Non-Member $275
Student $ 200
Special Pricing:
One-Day Member $140
One-Day Non-Member $165
Thursday Night Reception Only $35

Our Venue is The Biltmore

Biltmore Hotel & Suites
2151 Laurelwood Road, Santa Clara, CA
(408) 988-8411

Reserve your room early and Save

With warmest regards, The ISACA Silicon Valley Board

Extras - We hope everyone will take time to thoroughly enjoy the

• Vendor Exhibits
• Thursday Evening Reception
• Sponsor Raffles
• Networking

Responsibility in the New Cloud Economy

Presenter and Keynote: Wolfgang Kandek, Chief Technology Officer, Qualys, As the CTO for Qualys, Wolfgang is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. (continued)

More About Wolfgang Kandek: Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany.

Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog.

1-1 Session Description: (More details coming soon) Visit: http://www.qualys.com

The Boundaries of Business When Your Business is SaaS– How to Design Software Users Love

Presenter: Kevin Hale is the Co-founder of Infinity Box Inc, a Y Combinator seeded company that built Wufoo (http://wufoo.com), an online form builder that was was ranked by Jakob Nielson as one of the best application UIs of 2008 and later acquired by SurveyMonkey (http://surveymonkey.com) in 2011.

More about Kevin Hale: After selling WuFoo to SurveyMonkey for 35 million dollars, Kevin now serves as a Senior Product Manager responsible for safeguarding and enhancing the user experience of SurveyMonkey's products.

1-2 Session Description: There's been a paradigm shift in business over the last 20 years. Users and customers want a relationship. They want to fall in love. When it comes to software and the Internet, you don't have the benefits and reminders of face to face interactions, so it's easy to forget how a little love goes a long way. This session shares the story of Wufoo and also look at how companies and their products are wooing their users, keeping the romance alive and sustaining lasting relationships that turn out to make for profitable returns. Visit:http://surveymonkey.com

Building and Maintaining Trust in an Increasingly Social and Mobile Environment

Presenter: Bill Ender, Director, Consulting Practice – EMC Consulting, is EMC's GRC Evangelist. Prior to joining EMC, Bill was Senior Vice President of Corporate Information Security for Wells Fargo Bank (2003-2010). (continued) Visit: http://www.rsa.com

More About Bill Ender: (continued) where he led the creation, implementation and maintenance of the Information Security Management Program, policy, controls, regulatory compliance, training and awareness, reporting and support for Line of Business executives and the company’s 150+ Information Security Officer community. At Wells Fargo, he developed and maintained strong relationships with key business leaders, Chief Risk Officers, Internal Audit, Corporate Security, Technology Operations, vendors, service providers, and external industry consortia and agencies. He also led the implementation of solutions for automated policy and incident management, control testing, and reporting; promoted integration of Information Security-specific tools into the Corporate Enterprise Risk Management Reporting Dashboard; and championed a common process/architecture model for all Operational Risk Management disciplines.

Bill's professional career prior to joining Wells Fargo included roles as Chief Technology Officer for a large, Arizona-based Managed IT Services and Application Hosting company; Cofounder and Chief Technology Officer for an industry-leading software development and professional services company in the areas of Identity and Access Management and Secure Web Portals; and 12 years in various Information Technology Operations and Research & Development roles with several divisions of Motorola, Inc., where he led multiple teams in the design and deployment of secure network infrastructure, business process automation, and communication and collaboration tools to support a global community of employees, contractors, customers and partners.

1-3 Session Description: How do we protect information in a universe increasingly dominated by services (Facebook, Google+, LinkedIn, etc.) and devices (smartphones, iPads, etc.) designed to make information transparent and portable?

Rethinking Web-Application architecture for the Cloud

Presenter: Arshad Noor, CTO, StrongAuth Inc.., known for his Significant experience in enterprise-scale IT architecture, cryptography and open-source software, Arshad Noor is the designer and lead-developer of StrongKey, (continue below)

More about Arshad Noor: (continued) the industry's first open-source Symmetric Key Management System, and the StrongKey Lite Encryption System - the industry's first appliance combining encryption, tokenization, key-management and a cryptographic hardware module. He is a many time author and speaker at forums on the subject of encryption and key-management.

1- 4 Session Description: This session reveals how StrongAuth solves a common business requirement using defined and unique web-application architecture - Regulatory Compliant Cloud Computing (RC3) - which enables secure cloud-computing. The discussion aids the attendee in considering the elements of architecture that would ensure strong security of sensitive data in the public cloud, with emphasis toward a typical low cost budget. StrongAuth, CEO, shares the creation and reasons for the RC3 architecture and how it is validated by customers for securing financial and healthcare data. Visit: http://www.strongauth.com

Intelligent Operations, Leveraging Cloud & Virtualization – Setting Right Targets

Presenter: Chief Information Officer, David Robbins, Ellie Mae, Inc. serves as CIO and senior vice president of Ellie Mae, joining them in January 2012 from a role as vice president of global infrastructure with NetApp. (continued)

More about David Robbins: (continued) David Robbins led North American infrastructure services strategy for Capgemini Outsourcing, and is a 30-year veteran of the information technology industry, having been director of engineering services at Totality Inc. and in various leadership roles during a 15-year tenure at Electronic Data Systems.

1-5 Session Description: (more soon) visit http://www.elliemae.com

Ellie Mae® is a provider of enterprise solutions, including an online network, software and services for the residential mortgage industry. The Ellie Mae Network™, which we established in 2000, is one of the largest electronic mortgage origination networks in the United States and enables mortgage originators to securely conduct electronic business transactions with lenders and settlement service providers. Using our network technology, we have helped connect a fragmented world of mortgage bankers, mortgage brokers, community banks, credit unions, lenders and service providers, all of which are integral to the origination and funding of residential mortgages.

Managing Security and Compliance - GRC - in the Cloud – Governing the Moving Target (the mobile CMDB)

Gordon Shevlin, CEO Allgress
Presenting with Chris Armstrong, Chief Information Security Officer, CISSP

Read More about Gordon Shevlin and Chris Armstrong (continued)

More About Gordon Shevlin. CEO Allgress: (continued) Gordon is Chief Executive Officer, and part owner of Allgress, Inc., providing IT security solutions to companies challenged by complex security and regulatory environments. Previously, he was Executive Vice President of FishNet Security. Allgress, a company making it easier and more efficient to manage risk and provide insight in governance, risk and compliance, is at a very exciting point, having just launched in June, and involving a well known veteran to Technology Standards and frameworks, David Cullinane, as their new CTO. Also well recognized in the Bay Area C level circuit is Jeff Bennet, president and COO of Allgress. As described in a recent article by Allen Shimmel, at NetWork World, Gordon Shevlin, and Jeff Bennet have chosen to launch this company "along with Dave Cullinane, former CISO of eBay. Dave is pretty close to security royalty and is widely respected in the industry. So, when he helps advise a company to design a GRC solution, I pay attention and so should you." >

More About Chris Armstrong, Chief Information Security Officer: Chris Armstrong brings 17 years of experience in information assurance and technology to Allgress. He has a proven track record of influencing product development and strategy in response to the demands of customers who manage information assurance, security and risk programs within large-scale, complex, global environments. Over the course of his career, he has specialized in information security strategy, architecture and operations; global threat management and assurance; risk management; governance and regulatory/statutory compliance; and global policy management and compliance. Prior to his role with Allgress, Armstrong served in similar leadership roles with Fortune 500 companies in the hospitality, high-tech, health care, and financial sectors. He is a Certified Information Systems Security Professional (CISSP).

1-6 Session Description:Description: With all the new regulatory focus on ensuring a comprehensive approaches to managing your Information Security program, Risk Management, and industry compliance initiatives, how do you keep it all straight. Your budgets are not expanding, your resources are constrained, and your leadership is perplexed by the impact of these initiatives on their organization. CMDB, the moving mobile target, is an interactive exploration of the highs and lows of compliance and security risk management.

Enterprise Systems in the Cloud - Executive Panel - The Secret to Their Success

Moderator: Eric Tan, PwC

Douglas A. Brown is the Senior Vice President of Engineering Operations at NetSuite Inc. (NYSE: N).  In this role, Doug is responsible for Uptime, Performance, Security, and Compliance of the NetSuite Service.  NetSuite Operations  have achieved PCI-DSS, SAS-70, SOC1, EU-SafeHarbor, SOX, and other compliances.  He is additionally responsible for the teams within

Douglas Barbin, Principal, BrightLine

Douglas Barbin, Principal at BrightLine - CPA Firm, PCI QSA, ISO 27001 Registrar

Doug Meier, Director, Security & Compliance at Pandora

Doug brings 20+ years experience designing and managing infrastructure, security, disaster recovery, and compliance programs for Silicon Valley Internet companies. Doug has designed corporate security programs, managed Exchange mail server migrations for a globally distributed enterprise, architected and implemented regulatory compliance programs and Disaster Recovery initiatives, and managed operations of enterprise-wide IT services and knowledge systems.

Eric Tan, CISA, CGEIT, CPA, Director, PwC

Eric Tan, CISA, CGEIT and CPA. Eric is a Director at PwC with over twelve years of experiencedelivering IT governance and risk management solutions. Eric currently leads PwC'scloud and internet assurance practice based in Silicon Valley. He serves as an internalaudit and compliance advisor to various leading SaaS providers in the bay area. His experienceincludes leading large scale system assessments, performing risk and securityreviews; business continuity & disaster recovery diagnostics, and helping his clients implementvarious compliance and control solutions. Eric focuses on clients in the technologysector. Clients he has served includes Google, eBay, LinkedIn, Novell, Tibco, Shutterfly,and Proofpoint.

Ahmed Datoo, Chief Marketing Officer, Zenprise

Ahmed Datoo's experience in the technology industry spans strategic planning, brand marketing, software engineering and product management. Prior to Zenprise, Mr. Datoo was at EDS, where he was a global Director of Product Development. While at EDS, (continued)

Stay tuned for more panel members. If you would like to be invited to speak with our panel, please e-mail TheConference-Director@isaca-sv.org

Our Panel Discussions often bring back speakers from throughout the day. We can't get enough from our experts.

Presenter Jeff Reich, Chief Risk Officer, Layered Tech

As chief risk officer at Layered Tech, Jeff Reich is responsible for driving the company’s security and compliance services and guiding customers’ risk mitigation efforts. With more than 30 years of experience, Reich is a well-known risk management and security expert in the hosting market. (Continued)

More About Jeff Reich: (continued) He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow. His extensive background includes successful programs that have dealt with security policies, information security, internal controls, physical security, liaison work with local and federal law enforcement, regulatory and audit compliance, business continuity planning, abuse and policy enforcement management, and change control. Prior to joining Layered Tech, Reich was the chief security officer for Rackspace Hosting, and he also held positions as vice president and chief security officer of CheckFree and senior manager of information protection at Dell Inc.

2-1 Session Description: "Did You Want Controls With That?" While companies attempt to achieve and maintain compliance in order to reduce or eliminate the regulatory, statutory or industry pain of non-compliance, no one likes to chase compliance for the sake of being compliant. The complex compliance landscape has overlapping requirements, tools and practices and some of these are even contradictory. Every time you have to focus some of your already limited resources on navigating through the compliance jungle, you pull further and further away from effectively utilizing those resources to drive your organization forward. Managed services and cloud services have matured enough to allow you compartmentalize your compliance initiatives and leverage service providers who are qualified to manage compliance needs on your behalf. Like any other outsourced service, you should expect support and service levels to meet or exceed your expectations. The session will not only focus on what to look for in a Service SLA, but it will also provide recommended best practices for maximizing your relationship with your managed services provider so that you can refocus internal resources on meeting overall business goals. Visit: http://www.layeredtech.com/

Presenter Mike Pearl, Principal, Cloud Strategy Practice,and Partner with PricewaterhouseCoopers located in San Jose, focuses on delivering consulting, security and auditing services. He has extensive experience in helping organizations assess, design and implement strategies . (continued)

More about Michael Pearl: (continued) focusing on the improvement of business and technology process, internal controls and risk management Mike is the lead technology Partner on some of PwC’s larger Technology clients and specializes in delivering consulting services Software and Internet companies. Mike's specific work includes working with organizations helping them with process, technology and security issues related to Software Digital Distribution. Specifically he led a web application architecture assessment project over an online software distribution application for a global software company identifying improvement opportunities related to the architecture and controls over the development and operation of the application. He has also led several web application security assessments focused on customer facing applications understanding risks, vulnerabilities and privacy issues related to the handling of large volumes of customer data. Mike's work also includes the development of thought leadership on issues related to Software Digital Distribution.

2-2 Session Description: Looking At Cloud Strategy Through The Lens Of Value

Building Enterprise Level Security into Public Clouds

Presenter Kartik Trivedi, VP / Co-Founder at Symosis – a high end mobile and application security advisory firm – and has more than a decade of experience in providing security risk assessment, quantification, remediation and compliance management services to Fortune 500 companies (continued)

Co Presenter Lenin Aboagye is a seasoned Information Security professional with over 10 years of experience in different roles in the security field. A sought after speaker on Cloud, Mobile and Application Security topics. (continued)

More About Kartik Trivedi: (continued) and growing businesses. He has performed several hundreds application security assessments, code reviews, reverse engineering analysis, threat models, penetrations tests, network reviews and incident responses. Kartik was previously director of application security at Accuvant, Security Manager at McAfee, security consultant at Foundstone and software development engineer at Concept Sol. Kartik has contributed to many security books- hardening code, hacking exposed, how to break web security and is a regular speaker at several conferences including RSA conference, WebAppSec, OWASP and ToorCon. Kartik has MBA and MS degrees and CISM, CISA, CISSP certifications. Visit http://symosis.com

More About Lenin Aboagye: (continued) Lenin's varied experience in security has led him to hold different roles from security analyst, penetration tester, security engineer and security architect roles in several high-profile organizations in Media & Television, Education, Health, Real Estate and Energy industries. Lenin worked as a Security consultant for Accuvant, Inc (a Denver-based security consulting firm) and was also a Senior Security Consultant with Verisign's Global Group. Lenin currently serves as the Principal Security Architect at Apollo Group, primarily responsible for overseeing all security pertaining to Apollo's Education Platform and Applications. Lenin is a contributing member of the CSA (Cloud Security Alliance) Security- As- A Service (SecAAS) working group and is an active participant in several other Information Security related interests. Lenin holds a BA, and graduated top of his class with a double major in Computer Science and Math, Visit http://apollogroup.edu

2-3Session Description :Apollo Group's business vision includes delivering educational and related business services throughout the world in various forms. One of the key solution is a SaaS based offering of educational platform. To execute on the business vision successfully we needed the following:

• Agile environment that enables Apollo to scale based on needs of the business
• Reduce time to bring new services online
• Improve the overall experience of the tenants
• Reduced risk to business
• Maintain compliance
• Global view
• Reduce the overall cost

Cloud’s value resides in on-demand resources, offering agility to bring new services on, elasticity to scale up and down, an automated self-service model, and access to services from anyplace and anywhere in the network. The cloud approach optimizes use of resources to drive a cost-effective solution. Cloud initiatives are critically important to Apollo in achieving the strategic goal of having a nimble IT infrastructure and Education Platform with an solid security backbone. The IaaS cloud delivery model that Apollo chose is a Hybrid Cloud with Amazon being the Public Cloud Vendor. The talk goes into how enterprise-level security can be achieved in any Public cloud as well as non-traditional and customized ways of addressing general security requirements within public clouds from Vulnerability Assessment, Access Management, Key Management, Database Monitoring, IDS/IPS deployment, Application Security, Database Security , Security Monitoring , Traditional/Virtual Patching etc. .We will also delve into additional security requirements that are unique only to public cloud when it comes to addressing security of Tenant data. Finally, the discussion will take a journey into the architectural, design, practical implementation, selection process of CSPs, gaps and best practices found through building Apollo’s Education Services on a Hybrid Platform (Public/Private)

Using COBIT 5 Process Assessment Model (PAM) and Cloud Audit Methodology: ISACA Guidance For Every Day Compliance Extending to the Cloud

ISACA SF President Debra Mallette CGEIT®, CISA®, CSSBB (ASQ Certified Six Sigma Black Belt), and Managed Change™ Master, is an early adopter of COBIT for implementing IT Governance. Having used the COBIT 3 Maturity Model, (continued)

ISACA SV Conference Director,
Robin Basham, M.ED, M.IT, CISA, CGEIT, CRISC, ACC, CRP, VRP, and HISP, Managing Partner, EnterpriseGRC Solutions Inc.® creator of Facilitated Compliance Management Software (4Point GRC), and founder of Phoenix Business and Systems Process, Inc. (continued)

More About Debra Mallette: (continued) written ISACA/ITGI’s SEI CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and serving on the COBIT 5. Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and COBIT 5 Process Assessment Method (PAM). She has previously been a certified SEI CMMI assessor and ISO TickIT qualified. Debra has been working with quality management systems, systems of internal control, process performance measurement, monitoring, and improvement programs throughout most of her career. She is an ISACA certified instructor for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to COBIT 5. Past President of ISACA San Francisco Chapter, for her day job, she’s an ITIL Service Management Process Consultant Specialist in Kaiser Permanente’s 5000 person-strong IT organization serving the largest and original Health Maintenance Organization in the United States.

More About Robin Basham:Recent Conference Director for the ISACA Silicon Valley Board, ITPreneurs partner, and board advisor for Holistic Information Security Practitioners, Robin now leads Cloud Security & Virtualization Controls Management training in the San Francisco and Bay Area. As EnterpriseGRC Solutions lead architect, Robin brings team experience leveraging platforms such as Oracle, Archer, SAP, Web Applications like Joomla, Visual Studio, Access and SharePoint. As an Archer Certified Consultant and SharePoint architect, she’s known for successful GRC implementations, supplying overall design, development and training to companies ranging from start up to fortune five hundred. Over the last decade Robin has architect more than 70 GRC programs, delivering end to end solutions with full knowledge transfer to program owners and users. Corporate leadership includes acting as technical liaison for ISACA in development of the OCEG Redbook V1, TC Co-Chair for OMG’s Open Regulatory Compliance Architecture (ORCA) project, working with co-chairs EMC’s Chief Governance Officer, Dr. Marlin Pohlman and world expert, Dr. Said Tabet. Robin’s companies remain active in emerging standards with participation on recent releases from ISACA® for both Oracle R12 and SAP ECC 6.0 controls. Ms. Basham is also past president for the Association for Certified Green Technology Auditors, ACGTA, a frequent committee contributor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as frequent participant in Cloud Security Alliance local chapter. EnterpriseGRC Solutions is recently added to the Cloud Credential Council and is named to the certification committee of The Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an active sponsor to Information Systems Audit and Control Association, ISACA®, listed as corporate sponsor and many time CobiT® trainer for the ITGI. Visit http://enterprisegrc.com

2-4 Session Description: Using COBIT 5 Process Assessment Model (PAM) and Cloud Audit Methodology: ISACA Guidance to our Every Day activities to Assess company Services that Extend to the Cloud

Part 1: This is an introduction to the newly updated ISO/IEC 15504 compliant, COBIT 5 Process Assessment Model (PAM). This model is the basis for the assessment of an enterprise’s IT processes against COBIT 5. The assessment model is useful for identifying the enterprise’ current state, setting targets for desired improvement, and recognizing progress in implementing the processes that support and enable excellence in strategic alignment, value delivery, risk management and resource management. Use of the COBIT 5.0 Process Assessment Model gives and evidence and standards based assessment of process capability.

Part 2: This component of the discussion is a live demonstration showing a SharePoint implementation using ISACA's Cloud Computing Management Audit Assurance Program, and mapping to an existing CobiT driven compliance self assessment programs used to meet SOX ITGCC audit requirements.

Benefits and Potential Drawbacks to implementing SAP as a Hosted Solution; How ERP Controls are Same and Different when Serviced In the Cloud

Presenter, Mark Richter, President, iStreet Solutions, LLC, Mark Richter has over 30 years’ experience helping companies improve profits and uncover additional economic value by applying enterprise best practices and the latest in information technology solutions.

More About Mark Richter: His vision is transformative and critical to creating the iStreet Services Platform as he blends cloud and virtualization technologies, with the security considerations demanded of dedicated platforms. His career began at Hewlett-Packard where he held various technology and leadership positions, moved to VoIP startup Appiant Technologies and then Ragingwire Enterprise Solutions. Before founding iStreet Solutions in 2004 he served as business application hosting Infrastructure Practice Director at Rapidigm, now a part of Fujitsu Consulting. Mark holds an MBA and Bachelor of Science degree in engineering.

iStreet Solutions specializes in Managed Hosting, Colocation, Disaster Recovery, Dedicated Hosting, and Managed Colocation. ERP and CRM applications from SAP, Microsoft, and Oracle, delivering SAP hosting since 2005.

2-4 Session Description: Similarities, Benefits and Potential Drawbacks to implementing SAP as a Hosted Solution - This session examines several common audit programs as outlined ISACA's Security Audit and Control Features for SAP ECC 6.0 guidance and as recommended in general ERP compliance practice. Visit http://www.istreetsolutions.com/

Staying In Bounds - The Feedback we Need to Comply

Presenter, Fred Kost, Head of Product Marketing at Check Point Software Technologies

Fred Kost brings a wealth of marketing and security experience and a passion for security.  Prior to joining Check Point, Fred was director of security marketing for Cisco where he led marketing for the portfolio of security products and solutions.  Fred has extensive network security experience spanning both established industry leaders and early stage ventures.  (Continued)

More About Fred Kost: (continued) He has held technology marketing and development positions with Recourse Technologies, Symantec, nCircle and Blue Lane Technologies.  Fred earned a Bachelor of Science in Electrical Engineering from Purdue University and an MBA from the University of North Carolina.

2-6 Session Description: What are the business problems that security products should be trying to solve.  Are we in a world of absolutes?  What does it take to be resilient? How does a company take risks and still stay within bounds?

2-7 Panel Discussion: Trust Services in Cloud Based Business, Session Description: Companies depending on SOC 1, SOC 2 and SOC 3 need to be clear in the extent of exposure analysis and more transparent in what they commit to external reporting. This panel includes Directors in Information Audit who have specific experience in assisting public and private companies in selecting and achieving external reporting requirements. The session will consider where the current standards need improvement and how new frameworks from AICPA and ISACA can assist in filling gaps.

Moderator to be named soon

Jay Swaminantham, CISA, CPA, CRISC, Director SOAProjects, provides Internal Audit and IT risk consultation to his clients. Jay has more than 10 years of experience in varied industries. In his current role at SOAProjects, he specializes in implementing optimization and process improvements for his clients in compliance and other areas. His expertise includes

Harshul Joshi, CISSP, CISA, CISM, Director PwC, As a Director in the security practice with primary areas of focus in IT security and compliance based risk assessments, Harshul's expertise includes Threat and Vulnerability modeling and security architecture. He has worked with various compliance standards including (continued)

More About Jeremy A. Sucharski: (continued) Jeremy has over 12 years of experience in audit and consulting with a strong focus on SOX, SOC audits and information security consulting. Jeremy currently leads the Governance Risk and Compliance (GRC) and SOC audit practices at Armanino McKenna. Prior to joining AMLLP, Jeremy worked in the Deloitte ERS practice focusing in IT Internal Audit. Prior to Deloitte, Jeremy spent several years with the Federal Government in various finance and IT-related positions.

Throughout his career, Jeremy has focused on assisting clients in designing processes and controls that strike the proper balance between the need to protect a company while not being unduly onerous and restricting their ability to innovate. Jeremy has served clients in a variety of industries including transportation, high technology and consumer products.

(This 2 day event counts towards 16 hours of Continuing Professional Education or 14 CPEs.)

Your friends and collegues at ISACA Silicon Valley chapter can't wait to see you. This year's event is going to be fascinating, excillerating, and a lot of fun.

We also hope you join us in giving special thanks to the conference committee volunteers, without whom, such events would not be possible. Providing weekly meetings, binding flyers, drafting letters, being a liaison to our graceous speakers, updating and proofing our brochures, and assisting in the overall quality management of the Summer Conference, we acknowledge, Bala Krishnan, Almaz Tesfamarian, Sivakumar Natesan, Brendan Lewis, Monica Pope, Prasad Sanjeevaiah, Pratul Kant and Marlin Pohlman. We also thank Pat Kumar, Robert Ikeoka, and Ruchi (Verma) Gupta for their added Board of Directors responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our board. Your support is greatly appreciated.

Yours Sincerely,

The ISACA Silicon Valley Board of Directors, and ISACA Silicon Valley Summer Conference Committee

Robin Basham, Conference Director, ISACA Silicon Valley TheConference-Director@isaca-sv.org

Sumit Kalra, Chapter President, ISACA Silicon Valley ThePresident@isaca-sv.org