Bet you wish you were there! Read Responsibility in the New Cloud Economy by Wolfgang Kandek (News)
ISACA-SV Summer Conference 2012 Event August 23rd & 24th, 2012 Enabling Trust: Business In the Cloud
For the most up-to-date conference information, please visit http://www.isaca-sv.org
The ISACA Silicon Valley Chapter invites you to our 2012 Summer Conference, “Enabling Trust: Business in The Cloud”, August 23rd and 24th at the Biltmore in Santa Clara (2151 Laurelwood Road, Santa Clara).
We invite you to join this well-recognized event, which counts towards 16 Continuing Professional Education (CPE) credits. Learn strategies that translate the presenters' wisdom into our real needs in keeping Bay Area companies both competitive and safe. Take this valuable opportunity to network with Silicon Valley Bay Area Information Systems Audit, Information Security, and Compliance Professionals.
(This 2-day event counts towards 14 hours of Continuing Professional Education or 16 CPEs.)
Thursday, August 23
Cloud Business Track - What Business has done to Enable our Trust
This day will include: Breakfast Networking and Registration, Keynote Address and Presentations, Luncheon, Panels, Sponsor Exhibition and Networking Reception
8:00 AM - 8:50 AM: Registration
5:15 PM - 7:30 PM: Networking and Reception
Friday, August 24
Auditing Track - How Cloud Impacts Audit Methods to Ensure and Assess Business and Auditor Perspectives
This day will include: Breakfast Networking and Registration, Keynote Address and Presentations, Luncheon, Panels, Sponsor Exhibition and Raffle
8:00 AM - 8:40 AM: Registration
5:15 PM: Closing Remarks and Raffle
Early Bird Member*: $175
Early Bird Non-Member*: $225
Early Bird Student*: $150
Registration after August 1st:
Member: $225
Non-Member: $275
Student: $200
Special Pricing:
One-Day Member: $140
One-Day Non-Member: $165
Thursday Night Reception Only: $35
With warmest regards, The ISACA Silicon Valley Board
Extras - We hope everyone will take time to thoroughly enjoy the Thursday Evening Reception
Responsibility in the New Cloud Economy
Presenter and Keynote: Wolfgang Kandek, Chief Technology Officer, Qualys. As the CTO for Qualys, Wolfgang is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure.
More About Wolfgang Kandek: Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany.
Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Conference, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog.
The Boundaries of Business When Your Business is SaaS– How to Design Software Users Love
Presenter: Kevin Hale is the Co-founder of Infinity Box Inc, a Y Combinator seeded company that built Wufoo (http://wufoo.com), an online form builder that was ranked by Jakob Nielsen as one of the best application UIs of 2008 and later acquired by SurveyMonkey (http://surveymonkey.com) in 2011.
More about Kevin Hale: After selling Wufoo to SurveyMonkey for 35 million dollars, Kevin now serves as a Senior Product Manager responsible for safeguarding and enhancing the user experience of SurveyMonkey's products.
1-2 Session Description: There's been a paradigm shift in business over the last 20 years. Users and customers want a relationship. They want to fall in love. When it comes to software and the Internet, you don't have the benefits and reminders of face-to-face interactions, so it's easy to forget how a little love goes a long way. This session shares the story of Wufoo and also looks at how companies and their products are wooing their users, keeping the romance alive and sustaining lasting relationships that turn out to make for profitable returns. Visit: http://surveymonkey.com
1-3 Sponsoring Organization
Building and Maintaining Trust in an Increasingly Social and Mobile Environment
Presenter: Bill Ender, Director, Consulting Practice – EMC Consulting, is EMC's GRC Evangelist. Prior to joining EMC, Bill was Senior Vice President of Corporate Information Security for Wells Fargo Bank (2003-2010). Visit: http://www.rsa.com
More About Bill Ender: At Wells Fargo he led the creation, implementation and maintenance of the Information Security Management Program, policy, controls, regulatory compliance, training and awareness, reporting and support for Line of Business executives and the company's 150+ Information Security Officer community. At Wells Fargo, he developed and maintained strong relationships with key business leaders, Chief Risk Officers, Internal Audit, Corporate Security, Technology Operations, vendors, service providers, and external industry consortia and agencies. He also led the implementation of solutions for automated policy and incident management, control testing, and reporting; promoted integration of Information Security-specific tools into the Corporate Enterprise Risk Management Reporting Dashboard; and championed a common process/architecture model for all Operational Risk Management disciplines.
Bill's professional career prior to joining Wells Fargo included roles as Chief Technology Officer for a large, Arizona-based Managed IT Services and Application Hosting company; Cofounder and Chief Technology Officer for an industry-leading software development and professional services company in the areas of Identity and Access Management and Secure Web Portals; and 12 years in various Information Technology Operations and Research & Development roles with several divisions of Motorola, Inc., where he led multiple teams in the design and deployment of secure network infrastructure, business process automation, and communication and collaboration tools to support a global community of employees, contractors, customers and partners.
1-3 Session Description: How do we protect information in a universe increasingly dominated by services (Facebook, Google+, LinkedIn, etc.) and devices (smartphones, iPads, etc.) designed to make information transparent and portable?
1-4 Sponsoring Organization
Rethinking Web-Application architecture for the Cloud
Presenter: Arshad Noor, CTO, StrongAuth Inc., known for his significant experience in enterprise-scale IT architecture, cryptography and open-source software. Arshad Noor is the designer and lead developer of StrongKey.
More about Arshad Noor: StrongKey is the industry's first open-source Symmetric Key Management System, and the StrongKey Lite Encryption System is the industry's first appliance combining encryption, tokenization, key management and a cryptographic hardware module. He is a many-time author and speaker at forums on the subject of encryption and key management.
1-4 Session Description: This session reveals how StrongAuth solves a common business requirement using a defined and unique web-application architecture, Regulatory Compliant Cloud Computing (RC3), which enables secure cloud computing. The discussion aids the attendee in considering the elements of architecture that would ensure strong security of sensitive data in the public cloud, with emphasis on a typical low-cost budget. StrongAuth's CEO shares the creation of and reasons for the RC3 architecture and how it is validated by customers for securing financial and healthcare data. Visit: http://www.strongauth.com
1-5 Sponsoring Organization
Intelligent Operations, Leveraging Cloud & Virtualization – Setting Right Targets
Presenter: David Robbins, Chief Information Officer, Ellie Mae, Inc. David serves as CIO and senior vice president of Ellie Mae, joining them in January 2012 from a role as vice president of global infrastructure with NetApp.
More about David Robbins: David Robbins led North American infrastructure services strategy for Capgemini Outsourcing, and is a 30-year veteran of the information technology industry, having been director of engineering services at Totality Inc. and in various leadership roles during a 15-year tenure at Electronic Data Systems.
Ellie Mae® is a provider of enterprise solutions, including an online network, software and services for the residential mortgage industry. The Ellie Mae Network™, which we established in 2000, is one of the largest electronic mortgage origination networks in the United States and enables mortgage originators to securely conduct electronic business transactions with lenders and settlement service providers. Using our network technology, we have helped connect a fragmented world of mortgage bankers, mortgage brokers, community banks, credit unions, lenders and service providers, all of which are integral to the origination and funding of residential mortgages.
1-6 Sponsoring Organization
Managing Security and Compliance - GRC - in the Cloud – Governing the Moving Target (the mobile CMDB)
Gordon Shevlin, CEO, Allgress, presenting with Chris Armstrong, Chief Information Security Officer, CISSP
More About Gordon Shevlin, CEO, Allgress: Gordon is Chief Executive Officer and part owner of Allgress, Inc., providing IT security solutions to companies challenged by complex security and regulatory environments. Previously, he was Executive Vice President of FishNet Security. Allgress, a company making it easier and more efficient to manage risk and provide insight in governance, risk and compliance, is at a very exciting point, having just launched in June, and involving a well-known veteran of technology standards and frameworks, David Cullinane, as their new CTO. Also well recognized in the Bay Area C-level circuit is Jeff Bennett, president and COO of Allgress. As described in a recent article by Alan Shimel at Network World, Gordon Shevlin and Jeff Bennett have chosen to launch this company "along with Dave Cullinane, former CISO of eBay. Dave is pretty close to security royalty and is widely respected in the industry. So, when he helps advise a company to design a GRC solution, I pay attention and so should you."
More About Chris Armstrong, Chief Information Security Officer: Chris Armstrong brings 17 years of experience in information assurance and technology to Allgress. He has a proven track record of influencing product development and strategy in response to the demands of customers who manage information assurance, security and risk programs within large-scale, complex, global environments. Over the course of his career, he has specialized in information security strategy, architecture and operations; global threat management and assurance; risk management; governance and regulatory/statutory compliance; and global policy management and compliance. Prior to his role with Allgress, Armstrong served in similar leadership roles with Fortune 500 companies in the hospitality, high-tech, health care, and financial sectors. He is a Certified Information Systems Security Professional (CISSP).
1-6 Session Description: With all the new regulatory focus on ensuring a comprehensive approach to managing your Information Security program, Risk Management, and industry compliance initiatives, how do you keep it all straight? Your budgets are not expanding, your resources are constrained, and your leadership is perplexed by the impact of these initiatives on their organization. CMDB, the moving mobile target, is an interactive exploration of the highs and lows of compliance and security risk management.
1-7 Sponsoring Organizations
Enterprise Systems in the Cloud - Executive Panel - The Secret to Their Success
Moderator: Eric Tan, PwC
Douglas A. Brown is the Senior Vice President of Engineering Operations at NetSuite Inc. (NYSE: N). In this role, Doug is responsible for Uptime, Performance, Security, and Compliance of the NetSuite Service. NetSuite Operations have achieved PCI-DSS, SAS-70, SOC1, EU-SafeHarbor, SOX, and other compliances.
More About Doug Brown: He is additionally responsible for the teams within NetSuite such as Facilities, IT, Infrastructure, Release, Network, DBA, and Systems Administration. Previously he has been responsible for the Quality Assurance and Internal Audit Departments. Doug has worked for NetSuite for 11+ years. Prior to NetSuite, he worked as a Research Chemist at Henkel Corporation. He holds a Bachelor of Arts in Chemistry from Indiana University and a Master of Science in Chemistry from the University of Detroit-Mercy.
1-7 Sponsoring Organization
Douglas Barbin, Principal, BrightLine
Douglas Barbin, Principal at BrightLine - CPA Firm, PCI QSA, ISO 27001 Registrar
1-7 Sponsoring Organization
Doug Meier, Director, Security & Compliance at Pandora
Doug brings 20+ years' experience designing and managing infrastructure, security, disaster recovery, and compliance programs for Silicon Valley Internet companies. Doug has designed corporate security programs, managed Exchange mail server migrations for a globally distributed enterprise, architected and implemented regulatory compliance programs and Disaster Recovery initiatives, and managed operations of enterprise-wide IT services and knowledge systems.
1-7 Sponsoring Organization
Eric Tan, CISA, CGEIT, CPA, Director, PwC
Eric Tan, CISA, CGEIT and CPA. Eric is a Director at PwC with over twelve years of experience delivering IT governance and risk management solutions. Eric currently leads PwC's cloud and internet assurance practice based in Silicon Valley. He serves as an internal audit and compliance advisor to various leading SaaS providers in the Bay Area. His experience includes leading large-scale system assessments, performing risk and security reviews, business continuity and disaster recovery diagnostics, and helping his clients implement various compliance and control solutions. Eric focuses on clients in the technology sector. Clients he has served include Google, eBay, LinkedIn, Novell, Tibco, Shutterfly, and Proofpoint.
1-7 Sponsoring Organization
Ahmed Datoo, Chief Marketing Officer, Zenprise
Ahmed Datoo's experience in the technology industry spans strategic planning, brand marketing, software engineering and product management. Prior to Zenprise, Mr. Datoo was at EDS, where he was a global Director of Product Development.
More About Ahmed Datoo: While at EDS, he built and launched several workflow automation and monitoring automation modules that generated multi-million dollar savings globally. Prior to EDS, Mr. Datoo was on Loudcloud's product management team where he focused on monitoring, storage and performance networking products. Previously, he was a brand manager at Yahoo! where he co-developed the print and radio promotions for Yahoo! Shopping. Mr. Datoo began his career as a strategy consultant at Accenture where he created high-tech product development strategies for telcos, media conglomerates and hardware manufacturers. Mr. Datoo holds an MBA, M.A., and B.A. from Stanford University.
Our Panel Discussions often bring back speakers from throughout the day. We can't get enough from our experts.
Reception to Follow
“Did you want controls with that?” Model for IT Assurance as a Service – The Emergence of Controls in Infrastructure as a Service SLA
Presenter: Jeff Reich, Chief Risk Officer, Layered Tech
As chief risk officer at Layered Tech, Jeff Reich is responsible for driving the company's security and compliance services and guiding customers' risk mitigation efforts. With more than 30 years of experience, Reich is a well-known risk management and security expert in the hosting market.
More About Jeff Reich: He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow. His extensive background includes successful programs that have dealt with security policies, information security, internal controls, physical security, liaison work with local and federal law enforcement, regulatory and audit compliance, business continuity planning, abuse and policy enforcement management, and change control. Prior to joining Layered Tech, Reich was the chief security officer for Rackspace Hosting, and he also held positions as vice president and chief security officer of CheckFree and senior manager of information protection at Dell Inc.
2-1 Session Description: "Did You Want Controls With That?" While companies attempt to achieve and maintain compliance in order to reduce or eliminate the regulatory, statutory or industry pain of non-compliance, no one likes to chase compliance for the sake of being compliant. The complex compliance landscape has overlapping requirements, tools and practices, and some of these are even contradictory. Every time you have to focus some of your already limited resources on navigating through the compliance jungle, you pull further and further away from effectively utilizing those resources to drive your organization forward. Managed services and cloud services have matured enough to allow you to compartmentalize your compliance initiatives and leverage service providers who are qualified to manage compliance needs on your behalf. Like any other outsourced service, you should expect support and service levels to meet or exceed your expectations. The session will not only focus on what to look for in a Service SLA, but it will also provide recommended best practices for maximizing your relationship with your managed services provider so that you can refocus internal resources on meeting overall business goals. Visit: http://www.layeredtech.com/
Big Business Big Risk, How We Measure a Secure Enterprise; PricewaterhouseCoopers offers guidance on cloud computing, resolving technology barriers
Presenter: Mike Pearl, Principal, Cloud Strategy Practice, and Partner with PricewaterhouseCoopers located in San Jose, focuses on delivering consulting, security and auditing services. He has extensive experience in helping organizations assess, design and implement strategies.
More about Michael Pearl: His work focuses on the improvement of business and technology process, internal controls and risk management. Mike is the lead technology Partner on some of PwC's larger Technology clients and specializes in delivering consulting services to Software and Internet companies. Mike's specific work includes working with organizations, helping them with process, technology and security issues related to Software Digital Distribution. Specifically, he led a web application architecture assessment project over an online software distribution application for a global software company, identifying improvement opportunities related to the architecture and controls over the development and operation of the application. He has also led several web application security assessments focused on customer-facing applications, understanding risks, vulnerabilities and privacy issues related to the handling of large volumes of customer data. Mike's work also includes the development of thought leadership on issues related to Software Digital Distribution.
2-2 Session Description: Looking At Cloud Strategy Through The Lens Of Value
Strategy – Begin with business imperatives, then identify the technical components of cloud computing your organization already has in place.
People – Anticipate a reassessment of talent needs; for example, IT will require architects with the ability to leverage the new cloud capabilities.
Processes – Anticipate changes across the organization; for example, R&D will need to align more tightly with IT, and Finance will need to anticipate impacts on profitability, budgeting, and depreciation when shifting product purchases to service delivery of IT.
Technology – Be prepared to address internal challenges, such as data security and governance in the cloud model, and shifting service models to the business.
Structure – Thoughtful consideration of the organizational impacts will smooth the transition to cloud computing; for example, consider the impact that rapid and inexpensive provisioning of technology will have on product development.
2-3 Sponsoring Organization
Building Enterprise Level Security into Public Clouds
Presenter: Kartik Trivedi, VP / Co-Founder at Symosis, a high-end mobile and application security advisory firm, has more than a decade of experience in providing security risk assessment, quantification, remediation and compliance management services to Fortune 500 companies and growing businesses.
Co-Presenter: Lenin Aboagye is a seasoned Information Security professional with over 10 years of experience in different roles in the security field. He is a sought-after speaker on Cloud, Mobile and Application Security topics.
More About Kartik Trivedi: He has performed several hundred application security assessments, code reviews, reverse engineering analyses, threat models, penetration tests, network reviews and incident responses. Kartik was previously director of application security at Accuvant, Security Manager at McAfee, security consultant at Foundstone and software development engineer at Concept Sol. Kartik has contributed to many security books (Hardening Code, Hacking Exposed, How to Break Web Security) and is a regular speaker at several conferences including RSA Conference, WebAppSec, OWASP and ToorCon. Kartik holds MBA and MS degrees and CISM, CISA and CISSP certifications. Visit http://symosis.com
More About Lenin Aboagye: Lenin's varied experience in security has led him to hold roles from security analyst, penetration tester and security engineer to security architect in several high-profile organizations in the Media & Television, Education, Health, Real Estate and Energy industries. Lenin worked as a Security Consultant for Accuvant, Inc (a Denver-based security consulting firm) and was also a Senior Security Consultant with Verisign's Global Group. Lenin currently serves as the Principal Security Architect at Apollo Group, primarily responsible for overseeing all security pertaining to Apollo's Education Platform and Applications. Lenin is a contributing member of the CSA (Cloud Security Alliance) Security-as-a-Service (SecaaS) working group and is an active participant in several other Information Security related interests. Lenin holds a BA, and graduated top of his class with a double major in Computer Science and Math. Visit http://apollogroup.edu
2-3 Session Description: Apollo Group's business vision includes delivering educational and related business services throughout the world in various forms. One of the key solutions is a SaaS-based offering of an educational platform. To execute on the business vision successfully we needed the following:
Agile environment that enables Apollo to scale based on needs of the business
Reduce time to bring new services online
Improve the overall experience of the tenants
Reduced risk to business
Reduce the overall cost
Cloud's value resides in on-demand resources, offering agility to bring new services on, elasticity to scale up and down, an automated self-service model, and access to services from anyplace and anywhere in the network. The cloud approach optimizes use of resources to drive a cost-effective solution. Cloud initiatives are critically important to Apollo in achieving the strategic goal of having a nimble IT infrastructure and Education Platform with a solid security backbone. The IaaS cloud delivery model that Apollo chose is a Hybrid Cloud with Amazon as the Public Cloud Vendor. The talk goes into how enterprise-level security can be achieved in any public cloud, as well as non-traditional and customized ways of addressing general security requirements within public clouds: Vulnerability Assessment, Access Management, Key Management, Database Monitoring, IDS/IPS deployment, Application Security, Database Security, Security Monitoring, Traditional/Virtual Patching, etc. We will also delve into additional security requirements that are unique to the public cloud when it comes to addressing the security of tenant data. Finally, the discussion will take a journey into the architecture, design, practical implementation, selection process of CSPs, gaps and best practices found through building Apollo's Education Services on a Hybrid Platform (Public/Private).
2-4 Sponsoring Organization
Using COBIT 5 Process Assessment Model (PAM) and Cloud Audit Methodology: ISACA Guidance For Every Day Compliance Extending to the Cloud
ISACA SF President Debra Mallette, CGEIT®, CISA®, CSSBB (ASQ Certified Six Sigma Black Belt), and Managed Change™ Master, is an early adopter of COBIT for implementing IT Governance.
ISACA SV Conference Director Robin Basham, M.ED, M.IT, CISA, CGEIT, CRISC, ACC, CRP, VRP, and HISP, Managing Partner, EnterpriseGRC Solutions Inc.®, is the creator of Facilitated Compliance Management Software (4Point GRC), and founder of Phoenix Business and Systems Process, Inc.
More About Debra Mallette: Having used the COBIT 3 Maturity Model, written ISACA/ITGI's SEI CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and served on the COBIT 5 Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and COBIT 5 Process Assessment Method (PAM). She has previously been a certified SEI CMMI assessor and ISO TickIT qualified. Debra has been working with quality management systems, systems of internal control, process performance measurement, monitoring, and improvement programs throughout most of her career. She is an ISACA certified instructor for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to COBIT 5. Past President of the ISACA San Francisco Chapter, for her day job she's an ITIL Service Management Process Consultant Specialist in Kaiser Permanente's 5000-person IT organization serving the largest and original Health Maintenance Organization in the United States.
More About Robin Basham: Recent Conference Director for the ISACA Silicon Valley Board, ITpreneurs partner, and board advisor for Holistic Information Security Practitioners, Robin now leads Cloud Security & Virtualization Controls Management training in the San Francisco and Bay Area. As EnterpriseGRC Solutions lead architect, Robin brings team experience leveraging platforms such as Oracle, Archer, SAP, and web applications like Joomla, Visual Studio, Access and SharePoint. As an Archer Certified Consultant and SharePoint architect, she's known for successful GRC implementations, supplying overall design, development and training to companies ranging from start-up to Fortune 500. Over the last decade Robin has architected more than 70 GRC programs, delivering end-to-end solutions with full knowledge transfer to program owners and users. Corporate leadership includes acting as technical liaison for ISACA in development of the OCEG Redbook V1, and TC Co-Chair for OMG's Open Regulatory Compliance Architecture (ORCA) project, working with co-chairs EMC's Chief Governance Officer, Dr. Marlin Pohlman, and world expert Dr. Said Tabet. Robin's companies remain active in emerging standards with participation on recent releases from ISACA® for both Oracle R12 and SAP ECC 6.0 controls. Ms. Basham is also past president of the Association for Certified Green Technology Auditors (ACGTA), a frequent committee contributor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as a frequent participant in the Cloud Security Alliance local chapter. EnterpriseGRC Solutions was recently added to the Cloud Credential Council and is named to the certification committee of The Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an active sponsor of the Information Systems Audit and Control Association, ISACA®, listed as corporate sponsor and many-time CobiT® trainer for the ITGI. Visit http://enterprisegrc.com
2-4 Session Description: Using COBIT 5 Process Assessment Model (PAM) and Cloud Audit Methodology: ISACA Guidance to our Every Day activities to Assess company Services that Extend to the Cloud
Part 1: This is an introduction to the newly updated, ISO/IEC 15504-compliant COBIT 5 Process Assessment Model (PAM). This model is the basis for the assessment of an enterprise's IT processes against COBIT 5. The assessment model is useful for identifying the enterprise's current state, setting targets for desired improvement, and recognizing progress in implementing the processes that support and enable excellence in strategic alignment, value delivery, risk management and resource management. Use of the COBIT 5.0 Process Assessment Model gives an evidence- and standards-based assessment of process capability.
Part 2: This component of the discussion is a live demonstration showing a SharePoint implementation using ISACA's Cloud Computing Management Audit Assurance Program, and mapping it to an existing CobiT-driven compliance self-assessment program used to meet SOX ITGCC audit requirements.
2-4 Sponsoring Organization
Benefits and Potential Drawbacks to implementing SAP as a Hosted Solution; How ERP Controls are Same and Different when Serviced In the Cloud
Presenter: Mark Richter, President, iStreet Solutions, LLC. Mark Richter has over 30 years' experience helping companies improve profits and uncover additional economic value by applying enterprise best practices and the latest in information technology solutions.
More About Mark Richter: His vision is transformative and critical to creating the iStreet Services Platform, as he blends cloud and virtualization technologies with the security considerations demanded of dedicated platforms. His career began at Hewlett-Packard, where he held various technology and leadership positions, then moved to VoIP startup Appiant Technologies and then Ragingwire Enterprise Solutions. Before founding iStreet Solutions in 2004 he served as business application hosting Infrastructure Practice Director at Rapidigm, now a part of Fujitsu Consulting. Mark holds an MBA and a Bachelor of Science degree in engineering.
iStreet Solutions specializes in Managed Hosting, Colocation, Disaster Recovery, Dedicated Hosting, and Managed Colocation. It hosts ERP and CRM applications from SAP, Microsoft, and Oracle, and has delivered SAP hosting since 2005.
2-4 Session Description: Similarities, Benefits and Potential Drawbacks to implementing SAP as a Hosted Solution - This session examines several common audit programs as outlined in ISACA's Security Audit and Control Features for SAP ECC 6.0 guidance and as recommended in general ERP compliance practice. Visit http://www.istreetsolutions.com/
2-6 Sponsoring Organization
Staying In Bounds - The Feedback we Need to Comply
Presenter: Fred Kost, Head of Product Marketing at Check Point Software Technologies
Fred Kost brings a wealth of marketing and security experience and a passion for security. Prior to joining Check Point, Fred was director of security marketing for Cisco, where he led marketing for the portfolio of security products and solutions. Fred has extensive network security experience spanning both established industry leaders and early-stage ventures.
More About Fred Kost: He has held technology marketing and development positions with Recourse Technologies, Symantec, nCircle and Blue Lane Technologies. Fred earned a Bachelor of Science in Electrical Engineering from Purdue University and an MBA from the University of North Carolina.
2-6 Session Description: What are the business problems that security products should be trying to solve? Are we in a world of absolutes? What does it take to be resilient? How does a company take risks and still stay within bounds?
2-7 Sponsoring Organization
2-7 Panel Discussion: Trust Services in Cloud Based Business. Session Description: Companies depending on SOC 1, SOC 2 and SOC 3 reports need to be clear about the extent of their exposure analysis and more transparent in what they commit to in external reporting. This panel includes Directors in Information Audit who have specific experience in assisting public and private companies in selecting and achieving external reporting requirements. The session will consider where the current standards need improvement and how new frameworks from AICPA and ISACA can assist in filling the gaps.
Moderator to be named soon
Jay Swaminantham, CISA, CPA, CRISC, Director, SOAProjects, provides Internal Audit and IT risk consultation to his clients. Jay has more than 10 years of experience in varied industries. In his current role at SOAProjects, he specializes in implementing optimization and process improvements for his clients in compliance and other areas. His expertise includes in-depth knowledge of Oracle EBS and the related tools and methodologies used to evaluate the ERP system.
More About Jay Swaminantham: Prior to SOAProjects, Jay was with Risk Advisory Services at Ernst & Young. He was responsible for managing and executing reviews of IT systems as part of financial and Sarbanes-Oxley 404 audits of major corporations such as Seagate, Spansion, and Copart. Jay was an Oracle Subject Matter Resource (SMR) in the Ernst & Young practice and instructed various Oracle training sessions. Jay earlier worked for Oracle Corporation, validating business designs and systems for the Oracle E-Business Suite. He was a practicing Chartered Accountant in India and provided assurance, internal audit, taxation and other consulting services. Jay is the recent past President of the ISACA Silicon Valley chapter and successfully led the 830-member organization, steering its goals and objectives and, in collaboration with a team of board members, executing programs for the benefit of the members. He instructs the CISA review courses and is a regular speaker at conferences. Jay is a CPA and a Chartered Accountant, and holds an undergraduate degree in Management from Bangalore University. He holds CRISC, CISA and ISA certifications.
Harshul Joshi, CISSP, CISA, CISM, Director, PwC. As a Director in the security practice, with primary areas of focus in IT security and compliance-based risk assessments, Harshul's expertise includes threat and vulnerability modeling and security architecture. He has worked with various compliance standards, including PCI (Payment Card Industry), Sarbanes-Oxley 404, GLBA (Gramm-Leach-Bliley Act) and SAS 70.
More About Harshul Joshi: Harshul has worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives and is an internationally known speaker. Sample topics he speaks on include PCI, Wireless Security, Auditing Firewalls and Intrusion Detection, Risks of IT Outsourcing and Offshoring, and Performing IT Risk Assessment from a Business Standpoint. He has spoken at various conferences in Singapore, India and the United States. He is a regular speaker at the ISACA North American Conference as well as the Network Security Conference. Harshul is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). Harshul has an MBA in International Business and an MS in Information Systems. Prior to joining PwC, Harshul was a Director of Technology Consulting for CBIZ MHM LLC, where he headed the security practice, creating and delivering risk assessment services. He also spearheaded IT security and compliance at the Sony Corporate Audit group, performing compliance and audit assessments for Sony Electronics, Sony Music and Sony Pictures. Prior to joining Sony, Harshul was a Security Architect with Verizon / GTE.
Jeremy Sucharski, CISA, CRISC, is a Director in Armanino McKenna’s CFO Advisory Services Practice. He is the Governance, Risk and Compliance practice leader.
More About Jeremy A. Sucharski: Jeremy has over 12 years of experience in audit and consulting with a strong focus on SOX, SOC audits and information security consulting. Jeremy currently leads the Governance, Risk and Compliance (GRC) and SOC audit practices at Armanino McKenna. Prior to joining AMLLP, Jeremy worked in the Deloitte ERS practice, focusing on IT Internal Audit. Prior to Deloitte, Jeremy spent several years with the Federal Government in various finance and IT-related positions.
Throughout his career, Jeremy has focused on helping clients design processes and controls that strike the proper balance between protecting a company and not being so onerous that they restrict its ability to innovate. Jeremy has served clients in a variety of industries, including transportation, high technology and consumer products.
Sumit Kalra, CISA, CISSP, is a Director at Burr Pilger Mayer, where he manages the Assurance Services practice specializing in information technology, SAS 70 audits, and assessments. His 12 years of industry experience include 6 years at international CPA firms and 6 years at companies in the technology, consumer products and financial services industries.
More About Sumit Kalra: His knowledge base spans a variety of ERP solutions and complex infrastructure implementations. Sumit has a BS in Accounting and Computer Information Systems from San Francisco State University. Visit http://www.bpmllp.com
Brian K. Taylor, CISA, is the Sr. Director of Compliance, Systems and Tools at NetSuite Inc. (NYSE: N). In this role, Brian is responsible for IT Compliance in such areas as SOC 1/2, SOX ITGC, EU Safe Harbor, and PCI DSS. Brian established and grew NetSuite’s IT Compliance practice, leading the teams that first successfully implemented and achieved SAS 70 and PCI DSS, as well as growing and managing the SOX/Internal Audit team.
More About Brian Taylor: Before taking on his current responsibilities, he worked on the NetSuite Product Management team, managing customization, scripting, administration, and integration products. He is additionally responsible for the team within NetSuite that runs the company on the NetSuite OneWorld product, as well as an engineering release team. Brian has worked for NetSuite for 12 years, has 10 years of experience in IT compliance, and more than 20 years of experience in Information Technology. Prior to NetSuite, he worked as a Compliance and Design Engineer at Lucent Technologies. He is a Certified Information Systems Auditor (CISA) and holds a Bachelor of Arts and Science in English and Computer Science from UC Davis. Visit http://www.netsuite.com
ISACA SV Board Members
(This 2-day event counts towards 16 hours of Continuing Professional Education or 14 CPEs.)
Your friends and colleagues at the ISACA Silicon Valley chapter can't wait to see you. This year's event is going to be fascinating, exhilarating, and a lot of fun.
We also hope you join us in giving special thanks to the conference committee volunteers, without whom such events would not be possible. For providing weekly meetings, binding flyers, drafting letters, serving as liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of the Summer Conference, we acknowledge Bala Krishnan, Almaz Tesfamarian, Sivakumar Natesan, Brendan Lewis, Monica Pope, Prasad Sanjeevaiah, Pratul Kant and Marlin Pohlman. We also thank Pat Kumar, Robert Ikeoka, and Ruchi (Verma) Gupta for their added Board of Directors responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our board. Your support is greatly appreciated.
Holistic Information Security Practitioner Institute (HISPI) welcomes EnterpriseGRC Solutions as a member of its HISP Certification Board/Committee.
ITpreneurs is proud to name EnterpriseGRC Solutions as its newest certified partner. ITpreneurs and EnterpriseGRC Solutions will collaborate to expand the Cloud and Virtualization concepts and controls, ISO 27001, COBIT and ITIL courses offered through EnterpriseGRC Solutions. “Every member of my organization has achieved at least one certification through ITpreneurs, and this is the second company that I’ve founded with that same promise. [...] It is a proud day, that we can be a part of ITpreneurs’ landmark efforts to bring forward CompTIA Cloud Essentials training and certification.” - Robin Basham, Managing Partner.