Venue: SABA Software

4120 Dublin Blvd. Amenity Hub, Dublin, CA 94568

Members – $55 / Non-Members – $75 / Member Sponsors (Paying it forward) $100 / Students – $35
Past Presenters – Your thank you certificate entitles you for one free admission
Platinum, Gold, Silver, Sponsors – communicate your guestlist no later than November 1st

Note that luncheon will be a hot KEYFACTOR sponsored plate and our profits for the November conference will be used towards Spring Scholarship. If you would like to propose a strong candidate for ISC2 East Bay support, please reach out to Director Education, Jing Zhang or Director Communications Outreach Maura Jones

• Chapter Mission + Brother and Sister Organizations and the Industry Mission – Guest ISC2 SV, ISSA, CSA, ISACA
• About your Board and Committee:
• About Our Breakfast Sponsors:

Responsibility in the Cyber/Cognitive Era

Chairman Of The Board at The Good Data Factory

Session Description: Humanity is entering an exciting era where technological advancements have made it possible for us not only to change how information is processed, but how information changes how we think and behave as conscientious independent and social actors. With these new found powers comes the awesome responsibility, as creators and consumers, to properly reframe our mindsets, develop new skills and deploy modern tools that continue to serve humanity in harmony with our environment.

About your speaker: chairman of the board at the good data factory, recent CTO & VP of enterprise architecture at Sephora, Ali Bouhouch is a transformational technology executive with over 20 years of success in leading consulting, software and data engineering teams and delivering cutting-edge solutions in e-commerce, client experience and advanced analytics. Ali has deep experience in leveraging emerging technologies like cloud, big data, in-memory and cognitive computing to drive success throughout the customer journey in digital marketing and retail. Prior to joining Sephora, Ali was at grid dynamics where he led a globally distributed team serving the technology needs of leading retailers like Macy’s, kohl’s and American Eagle Outfitters. Before that Ali held leadership positions at Forrester, Tibco and WIPRO. Ali has been a valuable member of the senior executive team at small silicon valley startups as well as global enterprises. Ali holds a bs degree in electrical engineering from San Diego state university and an MS Degree in computer science from Arizona State University.

About your speaker: Chairman Of The Board at The Good Data Factory, recent CTO & VP OF ENTERPRISE ARCHITECTURE AT SEPHORA, Ali Bouhouch is a transformational technology executive with over 20 years of success in leading consulting, software and data engineering teams and delivering cutting-edge solutions in e-Commerce, Client Experience, and Advanced Analytics. Ali has deep experience in leveraging emerging technologies like Cloud, Big Data, In-Memory and Cognitive Computing to drive success throughout the customer journey in digital marketing and retail.  Prior to joining Sephora, Ali was at Grid Dynamics where he led a globally distributed team serving the technology needs of leading retailers like Macy’s, Kohls and American Eagle Outfitters. Before that Ali held leadership positions at Forrester, TIBCO and WIPRO. Ali has been a valuable member of the senior executive team at small Silicon Valley startups as well as global enterprises.  Ali holds a BS degree in Electrical Engineering from San Diego State University and an MS degree in Computer Science from Arizona State University.

About The Good Data Factory: In a world drowning in data and starved for information and actionable insight, The Good Data Factory steps in to fill ever-increasing skills and capability gap. We serve as a strategic data science partner to our clients, from startups to large corporations, either having an in-house team of data analytics or not, and we help them to effectively shape their business strategies and create a sustainable competitive advantage in the digital and experience economy. Our team of Data Engineers and Data Scientists bring a disciplined approach to the treatment of data throughout the Data Science pipeline. They ensure data is available in a purpose-fit format and quality at every stage of the Data Science lifecycle without compromising the integrity of the original raw data corpus. Our Data Scientists are Mathematically grounded with PhDs and Post-Doctoral on-going research in Abstract and Applied Mathematics. They are skilled in multiple modeling approaches and capable of understanding a problem domain, characterize its dimensions of complexity, project it into the appropriate solution space to reduce complexity and surface latent or hidden attributes and patterns leading to simpler and better performing algorithms than the usual brute force approach. We are working with clients from varying industries including Retail, Digital Marketing, Banking, Insurance and Energy. Give us your most challenging Data, Analytics or Data Science problem and let us show you a different way at solving it effectively and efficiently.

Doug Meier, National Director of Information Security & Data Governance

Session Description: Session Description: Why you shouldn’t be building a security program – because you’re just going to do it the wrong way
Detail: Modern Security programs are built with the best of intentions, addressing immediate concerns and focusing on short-term tactical needs to protect and secure the business. While this all-too-common strategy produces positive benefits in the short-term and can establish a security ethic into the organizational mindset, it sacrifices long-term vision and scope. This commonly accepted, ad hoc approach is a major contributing factor in why the average tenure of a security professional is between 18 months and two years. We come in and solve some problems, but we tend to wear out our welcome and don’t stick around very long. There are reasons for this that we don’t like to consider. One is that security programs are too focused on issues du jour and not focused enough on the hard work of continually aligning security program objectives to the organization’s strategic objectives. Another reason is that we tend to believe our own hype — that is, cling to the tired security program dogmas of 10 and 20 years ago. Until we confront our own assumptions and failings, we will continue, as a profession,  to slip further behind the curve of reality. In this session, Doug identifies how we need to challenge fundamental assumptions and re-prioritize our efforts accordingly to contribute meaningfully and consistently to the success of the organization over time.
Your perception of what it takes to build a security program is probably incorrect

Michelle Finneran Dennedy, Chief Executive Officer at DrumWave

Session Description: Data is a new asset class.  If data is– as we believe–  an element of community, culture,  and commerce, how does this relate to privacy and security? There is a way of looking at data as a society and technical community, where we can put data elements together into a system that focuses on humans as opposed to APIs or gear.  When we do look at data and the possibilities of data rather than purely technical elements, we start to protect these more comprehensive “systems” from unethical attackers, political attackers. When we think about data as an asset class, we can start to think more and differently about how data impacts our world.

About your speaker:  Michelle’s work has included a number of positions and side projects that all advance the respect for human information.  “we work to raise awareness and create tools that promote quality, integrity, respect and asset-level possibilities for information assets. I have a passion for building better technology that matters. I also work closely with families, executives, innovators and dreamers at all levels and in businesses & organizations at all stages to support the combination of policy, practice, and tools. “

About DrumWave: the data company for business people, data scientists, analysts, all types of students – and you. Powered by extreme data-value engineering and visualization, drumwave solutions enable users to dynamically capture, combine, analyze, pack, price, sell and deliver data value for internal and external uses. Our diverse team of thinkers and doers – experts in data science, mathematics, analytics, biology, business management, design, telecommunications, education, advertising and print and television media-are committed to unlocking the value of data for monetization and intelligence. Learn more at http://www.drumwave.com

Private tables and appointments during afternoon sessions – sign ups during open lunch – CPE’s for follow up

Eric Heitzman, Director of Business Development

About Your Speaker: Eric Heitzman, Director of Business Development
Eric helps Security Compass’s largest customers (in finance, technology, health, oil & gas) address Security, Privacy, and Compliance for software applications at scale. Eric is career application security expert (security consulting, static analysis, and dynamic analysis) .

About Security Compass: Security Compass is a software security company that offers professional advisory services, training, and SD Elements, a first-of-its-kind “policy to execution” platform. We help to eliminate security vulnerabilities in mission-critical applications, so that regulatory and compliance standards are easily met.

Session Description: Managing IAM in a startup world through automation

Appropriate Identity and Access Management in the corporate world is a critical function to ensure one’s security posture. You don’t need to spend millions to get it right! You don’t need to have resources dedicated to managing it!
This talk will focus on how through automation, crowdsourcing and simple processes, one can ensure your employees only have the access they need. For example:
– our quarterly employee access review takes 5 minutes.
– terminated employees loose access within 5 minutes of leaving the premisses.
– provisioning of new employees is mostly automated based on role mappings.You can do all this without breaking the bank and have time to focus on the bigger problems! At the end of the day, humans are humans… they are unreliable! If you have regulatory or compliance requirements around IAM, you have no choice: you need to automate.

About your speaker: “It all started with early e-commerce sites storing item prices client-side!
A tinkerer from an early age and the constant need to feed my curiosity have been critical skills to my Information Security career.
With strong technical skills that I keep current and some amount of business acumen, I realized early that my role was not to build mini Fort Knox everywhere I went but instead teach people new skills: I am an evangelist helping organizations understand enough about the risk dimension associated to security and privacy – just as we understand financial, brand or contractual/legal dimensions in our daily activities.
I am also an enforcer! Not the one that carries a weapon – instead, I keep us honest by providing a platform for self-policing. “

Session Description: Blockchain is the most hyped technology in recent years. There is no industry that will not, allegedly, be disrupted or revolutionized by digital ledger technology, cryptocurrency, asset tokenization, or Smart Contracts. Cybersecurity and regulatory technology are no exception, but are there legitimate commercial applications? Is it just hype? Or is blockchain technology something that will actually be useful for information security professionals, and for governance, risk and compliance professionals?  What are the use cases? How do we get there from here?

About your speaker: Ron Herardian has a 20-year track record of success in enterprise software as a founder, investor, board member and advisor serving in multiple engineering, consulting and CxO roles. In his last role, Mr. Herardian was responsible for operations including DevOps and InfoSec, including SOC 2 and GDPR compliance.  Ron Herardian has a 20-year track record of success in enterprise software as a founder, investor, board member and advisor serving in multiple engineering, consulting and CxO roles. In his last role, Mr. Herardian was responsible for operations including DevOps and InfoSec, including SOC 2 and GDPR compliance. Mr. Herardian, who has worked for IBM Lotus, Cisco and Oracle in the past, is a graduate of Stanford University, a member of the Institute for Electrical and Electronic Engineers (IEEE) and a Senior Member of the Association of Computing Machinery (ACM). He is a speaker at conferences and events, as well as a published author who has co-authored a book and written many whitepapers and articles.

About Basil: Basil is a revolutionary new DevSecOps framework that prevents security and operational mistakes, as well as malicious insider actions; a secure middleware layer that performs code execution or data access on behalf of human or machine users. Users are defined, and security rules are stored on the blockchain. User actions are digitally signed, so that rule changes, approvals, and other actions are recorded on the blockchain. As a result, Basil creates a chain of integrity through the CI/CD pipeline.

Session Description:

if you have a business culture that is not psychologically safe for all types of people, you have a culture of mistrust. In a culture of mistrust, people- especially marginalized people- will withhold information, avoid admitting mistakes, and be generally disengaged in ways that can dramatically reduce their efficacy. If disengaged employees are dealing with matters of Security and Privacy, a LOT can go wrong. Homogenous leadership leads to biases- many of them unconscious- that can cause your company to be susceptible to security breaches caused by social engineering. An essential element for creating a culture of trust and psychological safety is to ensure that the Leadership team is diverse and inclusive.