ISACA RTC
Full Day Training

Breakfast

Arrive early and enjoy breakfast

Welcome Address Scott Hanchett / Srinivas Saraswatula

Welcome address by the chapter president and program chair

Risk in Real Life
Adam Leigh,Director, Technology Risk Management, Align Technology, Inc.

Prussian Marshall Helmuth von Moltke famously said “No plan of operations extends with any certainty beyond the first encounter with the main enemy forces.” Frameworks, guidelines, roadmaps, and plans are all essential things to have on hand, but when theory turns into practice disappointment can set in. In this session we’ll discuss some of the challenges of implementing a meaningful technology risk management program, the reasons why some controls never seem to stay working, and some thoughts on how to stay agile enough to meet your goals even when facing down the whole of the Second French Empire army.

Quick Break ,

Quick 10 minute break

Generative AI in Cybersecurity
Jim Wiggins,CEO, Securible

In the ever-evolving landscape of digital security, "Using Generative Artificial Intelligence in Cybersecurity" offers a cutting-edge exploration into the nexus of AI and cybersecurity. This session delves deep into the potentials and challenges of harnessing Generative AI to bolster cybersecurity measures. Participants will gain insights into the foundational elements of AI, the intricacies of generative models, and their practical applications in crafting cybersecurity policies, proofing documentation, and anticipating digital threats. Furthermore, the session highlights the importance of maintaining a balance between AI-powered solutions and human oversight, ensuring that security protocols remain robust, dynamic, and resilient in the face of emerging challenges. Ideal for cybersecurity professionals, AI enthusiasts, and tech strategists, this session focuses on an understanding of how the future of cybersecurity is being shaped by artificial intelligence.

Quick Break ,

Quick 10 minute break

Navigating the Risks of AI and LLMs: An End Users Guide
Jim Wiggins,CEO, Securible

As AI-powered language models become increasingly integrated into our daily lives, understanding their potential risks is crucial for every user. This talk explores the challenges posed by Artificial Intelligence (AI) and Large Language Models (LLMs), including misinformation, privacy concerns, biased outputs, and overreliance on AI-generated content. Attendees will gain insights into how these AI technologies work, the types of risks they present, and practical strategies to mitigate these risks while leveraging the benefits of AI advancements.

Adapt or Be Breached: Why Outdated Third-Party Risk Models Are Failing SaaS Security
Vishal Chawla,CEO & Founder, BluOcean Cyber

A deep dive into why traditional third-party risk management is struggling to keep up with SaaS and how organizations can modernize their approach.

Lunch ,

Enjoy a catered lunch

Network with your peers / speakers

Taming the Enterprise AI Beast: Security Guidelines for Leaders Integrating AI
Cory Sabol,Sr. Security COnsultant, SecureIdeas

As artificial intelligence (AI) becomes a cornerstone of enterprise innovation, understanding its security challenges is paramount. This talk, Taming the Enterprise AI Beast, is tailored for security leaders and technology professionals tasked with deploying and securing AI in business environments. We’ll delve into the critical security and compliance issues surrounding AI, such as data misuse, governance, and the risks associated with generative models. Participants will gain insights into actionable strategies for mitigating these risks and ensuring safe AI adoption. Attendees will walk away with a clear roadmap for integrating AI into their enterprise securely, keeping pace with innovation while safeguarding organizational integrity and compliance.

Quick Break ,

Quick 15 minute break

Network with your peers / speakers

Put Your Money Where Your Risk Is: Build a Defensible Cybersecurity Budget
Vishal Chawla,CEO & Founder, BluOcean Cyber

Focused on aligning cybersecurity investments with real business risks, ensuring security leaders can justify budgets and maximize impact.

People-Centric Approach to Determining an Organization's Exposure to a Third-Party Data Breach
Dr. Thomas Lee, CEO VivoSecurity
Christine Dewhurst,Partner, NSC Tech

In this data-driven talk, we will make sense of third-party data breach risk using regression analysis. We will show that the largest component of this risk arises simply from the sheer number of vendors that can potentially expose your company's data. We will identify which elements of current Third-Party Risk Management (TPRM), do effectively manage this cumulative-risk and we will also analyze why questionnaires, SOC 2 reports and risk-scores, do not.
Finally, we will introduce a new approach that empowers organizations to take control, enhance transparency, and effectively manage cumulative third-party data breach risk through:
- Assessing organization structure and capability through certifications.
- Determining the cumulative probability of a data breach – think Principle of least privilege.
- Identifying and actioning Tail vendors.
- Managing risk appetite by applying the fungibility Principle.

This innovative approach will bring clarity on the risk posed by third-party data breach and enable your company to fully benefit from the value that third-party partnerships bring.

Wrap UpScott Hanchett / Srinivas Saraswatula

Wrap up by the chapter president and program chair

Adjourn at 0430 PM