*Sales have ended for this event. Email robin.basham@isc2-eastbay-chapter.org for questions or concerns about registration.
Our one-day event will be held on the Livermore campus of Las Positas College, and our speaker events combine a 100+ attendee auditorium with tabletop and interactive training.
- Are GRC Platforms keeping pace with AI, Third-Party Risk Management, SCRM, ESG, DevOps, Business Continuity, Zero Trust Strategy, and continuous changes in Regulatory Compliance?
- Has our GRC approach drifted further away or brought us closer to a reasonable Cybersecurity Posture?
- Do you have a story to tell?
Attendees receive up to 8 CPEs for attending and providing feedback on their participation. Contact conferencecommittee@isc2-eastbay-chapter.org to let us know you want to help with speakers, serving food, coordinating live demos, signage, sign-in tables, or building and breaking down activities. If you can volunteer to mentor, coach, or hire interns, please contact careers@isc2-eastbay-chapter.org
Pricing:
- Non-Member – $145
- ISC2—ISACA—ISSA Member – $125
- Student – WE ARE AT MAX STUDENT ENROLLMENT
- Member Sponsor (Paying it Forward) $100 as a charitable donation.
Conference Sessions & Schedule
8:50 AM Greetings from ISC2 East Bay Chapter President Erica Cunningham and our Las Positas College Host, Beth McCormick, Employer Engagement Specialist.
Welcome Students. Welcome Entrepreneurs. Welcome Cyber Professionals and Job Seekers.
Session One – 9:00 to 9:30 AM | Robin Basham – GRC, Why Nobody Wants it – EnterpriseGRC Solutions
Governance, Risk, and Compliance Platforms are meant to include managing our cybersecurity risks, but in most cases, GRC has not prevented our most serious breaches. Are our investments keeping us safe?
- What is the problem we are trying to solve?
- How do we balance what we collect against what we have to report?
- Are regulatory requirements making us safe?
- Is GRC an end to itself, and has it lost its way?
- Is ZTA just GRC on technology steroids, or is it time to accept nothing less?
- Can humans manage regulatory requirements?
- Do we have enough information to use LLM to make GRC automation accurate and safe?
- Does our current GRC investment make the brass ring of reasonable cybersecurity risk posture closure or further away?
Robin Basham: As owner EnterpriseGRC Solutions, Recent Past President and Conference Chair of ISC2 East Bay Chapter, Certified Information Systems Security (CISSP), Auditor (CISA), Governance (CGEIT) and Risk (CRISC), GRC Expert, leader among Cloud Security Alliance (CSA) NIST SP 800-53 r5 and CISA Zero Trust Maturity CCM Mapping and Gap Assessment Working Groups (more), Robin is a GRC & Cloud Cybersecurity trailblazer. EnterpriseGRC clients accomplish automated, integrated audits, leveraging secure configuration baselines mapped to over 25 in-demand cybersecurity frameworks. Her industry experience includes running companies and departments that supply services via compliance management systems, policies, processes, and well-formed data for SaaS (IaaS and PaaS), Insurance, Finance, Life Science & Healthcare, Banking, Education, Defense, and High Tech. Robin is a “hands-on leader” known for depth in data architecture, programming languages, policy development, and delivering work products that pass major regulatory certifications. Some positions include Virtual CISO, Technology Officer at State Street Bank, Leading Process Engineering for a major New England CLEC, Sr. Director & VP Enterprise Technology for multiple advisory firms, founding & engineering products, and running two governance software companies. You may remember working with Robin as the Director of Enterprise Compliance at Ellie Mae (ICE), a Cisco, Unified Compliance, and ISMS Program Manager, or a consultant providing LSHC support to several MDM clients. Robin is also known for donating substantial time to supporting social platform security with hopes of furthering social civil democracy.
EnterpriseGRC Solutions offers web-enabled compliance implementation, training, and security and risk management services. Facilitate compliance management tools to help companies monitor and report on governance, compliance, and risk (GRC) across the enterprise. GRC stands for Governance, Risk, and Compliance and is a framework that helps organizations manage risks, meet regulations, and align IT with business objectives. EnterpriseGRC Solutions specializes in mapping cybersecurity requirements across multiple external frameworks.
Session Two – 9:45 to 10:15 AM | Pragmatic Compliance – Rebecca Allen Diamond, Information security GRC leader and compliance program builder, Zyston
Topic: Pragmatism in the face of constant cybersecurity challenges; GRC has evolved; how do you keep up with the changes?
Rebecca (Becca) Allen Diamond brings a unique perspective to GRC based on her 20 years of experience in cyber. While her time at NASA taught her how to build effective government GRC programs, her time at Symantec allowed her to gain valuable insight into private-sector GRC programs. Becca has worked with over 100 clients across various industries as a senior manager at EY. She also has experience building security program management platforms as a leader at Zyston and Blue Lava. Seeing all these aspects of security and all sides of the table has given her deep knowledge of making compliance programs work.
Zyston is a managed security service provider dedicated to providing businesses with a comprehensive range of end-to-end services. We focus on solutions required to build and operate a mature and cost-effective information security program. https://www.zyston.com/
Session Three – 10:15 to 10:45 AM | The Future of Customer Trust – Bryan Culp, Box
The Future of Customer Trust – As Customer Trust emerges as a key business function and potential career path, we’ll discuss what it is, why it matters, and how we can work together to make it easier and more effective.
Bryan Culp leads Trust & Quality within Box’s Governance, Risk, and Compliance (GRC) group and is responsible for Customer Trust, GxP GTM, Third Party Risk Management, the company’s Policy Program, and Quarterly Management Review. He previously led the Customer Trust team in Cisco’s Security & Trust organization.
He is passionate about how SaaS companies build, maintain, and grow trust with customers and partners. He advocates for Environmental Social Governance (ESG) and participates in his local ISC2 and ISACA chapter meetings. Other interests include reading and writing, traveling, and being in nature.
Bryan’s LinkedIn articles at: https://www.linkedin.com/in/bryanculp/recent-activity/posts/
2021 book Bryan was the co-contributing editor for: “Back to Basics: Focusing on the fundamentals to boost cybersecurity and resilience” – Areas of expertise: Audits | Certifications | Common Controls | Contract Negotiations | Customer Trust | Governance, Risk & Compliance | GxP | Metrics & Reporting | Organizational Design | Policies & Procedures | Privacy & Data Protection | Process Optimization | Sales Enablement | Security | Strategy, Planning & Operations | Team Building | Third Party Risk
Box is the world’s leading Content Cloud. More than 115K organizations worldwide, including nearly 70% of the Fortune 500 and leaders across intensely regulated industries, trust us to protect their data, fuel collaboration, and power critical workflows with secure enterprise AI. See box.com for more information.
Quick Break and Announcements from Careers, Programs, and Education
Session Four – 10:55 to 11:30 AM | AI Governance & Compliance by Design, Varun Prasad, BDO
Topic: AI Governance By Design
About Varun Prasad: Varun is a managing director at BDO’s third-party attestation practice. In his current role, he works with tech companies to evaluate their cybersecurity posture and assess compliance with SOC 2 and various ISO standards to help them meet customer requirements and build trust with stakeholders. He focuses on complex and emerging security, privacy, cloud, and AI assurance requirements.
Varun is an IT audit and risk management professional with 15+ years of progressive experience gained through various roles for Big4 firms and world-leading corporations across multiple geographies. He has managed and executed a variety of IT audit-based projects from end to end. He has provided various IT audit and assurance services, such as SOC 1/SOC 2 examinations, ISO 27001/42001/22301 audits, cybersecurity assessments, SOX testing, and privacy reviews. Varun is the VP of the ISACA SF chapter and part of ISACA’s IT Audit and Assurance Task Force.
BDO delivers assurance, tax, and financial advisory services tailored to our client’s industries, unique needs, and goals. BDO USA, P.C., a Virginia professional corporation, is a U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. For more information, please visit www.bdo.com.
Session Five – 11:30 AM to 12:00 PM Chandra Sekhar Dash | GRC Evolution | Sr Director – GRC | Ushur
Chandra is a seasoned professional with over 20 years of expertise in Governance, Risk, and Compliance (GRC), IT/OT Security, Cloud Security, and Cybersecurity Operations. As the Senior Director at Ushur Inc. in California, he leads a dedicated GRC and Cybersecurity team, leveraging his extensive experience with Managed Security Providers, consulting firms, and IT system integrators across various sectors, including Pharmaceuticals, Chemicals, Government, Healthcare, Telecommunications, Banking, and R&D. Chandra specializes in security assessments, compliance reviews, and AI governance, effectively managing security operations and programs to enhance organizational security. His notable achievements include leading certification programs like HITRUST, SOC2, and ISO27001 and compliance programs such as PCI-DSS, GDPR, HIPAA, CCPA, TCPA, and PIPEDA.
Ushur is an AI-powered, no-code Customer Experience Automation (CXA) SaaS platform headquartered in Santa Clara, California. Ushur’s solution seamlessly integrates process and conversation automation, enabling large enterprises to optimize workflows and back-office operations. By eliminating manual tasks, Ushur delivers significant value, allowing organizations to redeploy human capital towards higher-value business initiatives. Ushur specializes in enhancing customer experiences within highly regulated industries, partnering with Fortune 100 companies to drive transformative results while adhering to compliance and regulatory requirements. Ushur products are HITRUST and ISO 27001 certified and compliant with SOC2, PCI-DSS, GDPR CCPA, etc. Ushur platform revolutionizes interactions across critical touchpoints—encompassing customers, partners, claimants, and patients—empowering businesses to grow and optimize their operations effectively.
Lunch
Catered lunch includes options from https://freshnatural.com If you have specific dietary needs, such as Gluten Free, you should notify conferencecommittee@isc2-eastbay-chapter.org
Keynote, Session Six – 1:00 to 1:45 PM | The Lost Art of Information Assurance | Jacob Horne, CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk | Summit 7
Topic: The Lost Art of Information Assurance
About our Keynote: Jacob Horne, the Chief Security Evangelist at Summit 7, where he specializes in DFARS, NIST, and CMMC compliance for contractors in the Defense Industrial Base.
As a former NSA intelligence analyst and U.S. Navy cryptologic technician, Jacob has over 15 years of experience in offensive and defensive cybersecurity operations.
As a civilian, he has led Governance, Risk, and Compliance teams at AT&T, Northrop Grumman, and the NIST Manufacturing Extension Partnership.
He has developed and taught numerous cybersecurity training programs for organizations, including UCLA, UC Irvine, and the NSA National Cryptologic School.
Jacob has a master’s degree in cybersecurity risk and strategy from NYU and an MBA from the UC Irvine Paul Merage School of Business.
About SUMMIT7: SUMMIT7 protects the American Dream by Securing the Warfighter.
“Our specialty is enabling Department of Defense contractors to win more contracts through next-level cybersecurity and compliance. We help the defense supply chain protect America’s data and future generations of United States Warfighters by implementing the right security and compliance measures in the Microsoft Government Cloud. With over 900 Defense Industrial Base suppliers as customers, we’re experts in CMMC, CUI, ITAR, NIST 800-171, and DFARS.
Session Seven – 1:45 to 2:30 PM – Steve Wilson returns to share the release of his new book.
CPO at Exabeam | Lead for OWASP Top 10 for Large Language Model AI Security | Driving AI-Powered Product Innovation
Topic—After Steve’s fantastic AI training at the March conference, we’re asking Steve Wilson back to discuss releasing his new O’Reilly book, The Developer’s Playbook for Large Language Model Security.
About Steve Wilson: Chief Product Officer at Exabeam, Steve Wilson leads product strategy, product management, product marketing, and research. He is a leader and innovator in AI, cybersecurity, and cloud computing, with over 20 years of experience leading high-performance teams to build mission-critical enterprise software and high-leverage platforms. Before joining Exabeam, he served as CPO at Contrast Security, leading all aspects of product development, including strategy, product management, product marketing, product design, and engineering. Wilson has a proven track record of driving product transformation from on-premises legacy software to subscription-based SaaS business models, including at Citrix, accounting for over $1 billion in ARR. He has experience building software platforms at multi-billion dollar companies like Oracle and Sun Microsystems.
Wilson is also a project leader at the Open Web Application Security Project (OWASP) Foundation, where he has assembled a group of over 400 experts to create the first industry-standard, comprehensive reference project called the “Top 10 List for Large Language Model Applications.” The list educates developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing generative AI and other large language models (LLMs). He holds a degree in Business Administration from the University of San Diego and a second-degree black belt from the American Taekwondo Association.
About OWASP: owasp.org The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in IoT, system software, and web application security. The OWASP provides free and open resources.
About Exabeam: Exabeam is a global cybersecurity leader and creator of New-Scale SIEM™️. We help organizations detect threats, defend against cyberattacks, and defeat adversaries, offering a new way for security teams to approach threat detection, investigation, and response (TDIR). By combining the scale and power of the cloud with the strength of our industry-leading behavioral analytics and automation, organizations gain a more holistic view of security incidents, uncover anomalies missed by other tools, and achieve faster, more accurate, and repeatable responses.
2:30 – 2:45 PM Vendors will speak briefly about their respective tables as the cake break and coffee is placed at the back of the main presentation hall.
2:45 – 4:00 PM CAKE BREAK & Networking – Meet a mentor, an author, a vendor, an employer
Attendees earn credit by meeting with our vendors and documenting their interactive commitments using our online feedback form. In keeping with giving each keynote first dibs on the primary dessert offering, Jabob Horne has selected CARROT CAKE. An array of healthy snacks and coffee will provide us with an afternoon boost.
This Open forum uses tables and break-out rooms with our frequent sponsors and trusted Vendors.
Our Vendor Labs are run by Cory Brown, Director of Programs, with the support of his team.
Platinum Sponsor: Stellar Cyber
Greetings from Virtual Platform Leader and ISC2 East Bay Platinum Sponsor: Stellar Cyber Making Security Operations Simpler – The only Open XDR platform built for lean security teams that anyone can use. Your live Engineer is Daniel Cheng, our Education Director.
About: Stellar Cyber’s Automation-driven Security Operations Platform, including NG-SIEM and NDR and powered by Open XDR, delivers comprehensive, unified cybersecurity without complexity. It empowers lean security teams of any skill level to secure their environments successfully. As part of this unified platform, Stellar Cyber’s Multi-Layer AI™ enables enterprises, MSSPs, and MSPs to reduce risk with early and precise threat identification and remediation while slashing costs, retaining investments in existing tools, and improving analyst productivity. This results in a 20X improvement in MTTD and an 8X improvement in MTTR. The company is based in Silicon Valley. For more information, visit https://stellarcyber.ai.
With Paramify, you can generate complete SSPs, ATO packages, and manage POA&Ms in just hours, not months, freeing you up to focus on meaningful security work instead of getting stuck in paperwork prison. Our OSCAL-based platform makes GRC documentation a breeze by gathering your current stack—people, places, and things—and automating your ATO and certification deliverables. Paramify supports FedRAMP, StateRAMP, TX-RAMP, CMMC and more – Let us help streamline your process, deliver faster results, save you money, and get you back to what really matters!
Meet your leaders from Paramify:
Kenny Scott is the Founder and CEO of Paramify, a groundbreaking platform that simplifies and streamlines compliance reporting for cloud service providers. Through Paramify, Kenny’s mission is to streamline compliance documentation processes for GRC (Governance, Risk Management, and Compliance) and cyber security professionals.
Kenny, with over 17 years of experience in information security and IT audit, helped to pioneer the Adobe Common Controls Framework, is proficient in compliance frameworks such as FedRAMP, StateRAMP, TexRAMP, CMMC, SOC2, ISO27001, and GDPR, holding CISSP and CISA credentials. His expertise extends to business strategy, investing, and programming, demonstrated through managing a closed fund for investors and founding a consulting practice for security programs. Outside of work, he is married to Angie Scott, a father of 5, and enjoys music, playing the guitar, snowboarding, and surfing.
Mike Schreiner is a business leader, entrepreneur, investor, and currently Chief Operating Officer at Paramify – the platform for automating compliance documentation. Paramify takes the process of generating and maintaining security documentation for compliance frameworks (including FedRAMP, CMMC, StateRAMP, SOC2, and more) from months of work down to hours, for a fraction of the cost. Mike has spent his career in startups, helping build and scale companies that solve hard problems – FedRAMP being one of the worst of those. He currently resides in Utah with his wife and four children.
Keaton Olson. Wouldn’t the world be better with fewer tedious, repetitive tasks? I certainly think so. At Paramify, we’ve created a tool that transforms compliance documentation—a process that traditionally takes months or even years—into a task that can be completed in hours. I feel privileged to be part of a team whose innovation has already saved people thousands of hours and companies thousands to millions of dollars.
Being part of this transformation, making a real difference in people’s lives—that’s what makes every day exciting for me.
MixMode is the leader in delivering AI cybersecurity solutions at scale and is the first to introduce a Third-Wave, context-aware AI approach that automatically learns and adapts to dynamically changing environments. MixMode offers a patented, self-supervised learning Platform designed to detect known and unknown threats in real time across cloud, hybrid, or on-prem environments.
Meet your table engineer: Michael Henkelman.
Mike Henkelman has thirty years of IT and security experience running Vulnerability Management programs for VMWare, edge router, and switch development for Cisco, and frequently speaks at conferences such as DefCon and B-Sides.
About Sprinto: Automating Information Security Compliances & Privacy Laws for fast-growing SaaS companies. Use Sprinto to obtain information security compliance, close enterprise deals faster, and pass vendor security assessments easily.
Meet your leaders from Sprinto:
Girish Redekar is a CEO & Co-Founder of Sprinto.com. A company helping SaaS brands become SOC-2 compliant, close enterprise deals faster, and pass vendor security assessments easily.
Previously, he built and bootstrapped RecruiterBox to 2500+ customers and 50+ employees in the US and India. Girish is a passionate programmer and entrepreneur, keen on helping other SaaS businesses demonstrate security chops and close enterprise deals faster.
Stephen Vellanoweth is an Enterprise Consultant with over 15 years of experience in cybersecurity, threat intelligence, and marketing. He has guided clients in identifying organizational gaps and implementing solutions to optimize processes. Currently, he is leading Sprinto’s expansion into the US market, assisting strategic clients in strengthening their security and governance frameworks through improved compliance, audit transparency, and automation. G2 Best Security Compliance Software
Symmetry is the Data + AI Security Company. We safeguard data at scale, detect threats, ensure compliance & reduce AI risks so you can Innovate with Confidence.
Symmetry at a glance:
Our platform is engineered specifically to address modern data security and privacy challenges at scale from the data out, allowing organizations to innovate confidently. With total visibility into what data you have, where it lives, who can access it, and how it’s being used, Symmetry safeguards your organization’s data from misuse, insider threats, and cybercriminals, as well as unintended exposure of sensitive IP and personal information through the use of generative AI technologies.
Meet your expert: Connect with Claude Mandy on LinkedIn – As an Aussie from the Namib desert who’s made the San Francisco Bay Area my home, I bring a confusing accent, a unique global perspective, and a down-under pragmatism to the cyber industry. This international viewpoint enriches my approach to developing and implementing forward-thinking security strategies. My career—a rich tapestry woven with roles from CISO to Gartner Analyst to startup executive—has been dedicated to simplifying security and bridging the gap between complex security challenges and actionable solutions.
My background as a seasoned practitioner is marked by a proven track record of navigating and anticipating the security landscape’s shifts. Known for deriving actionable insights from complex data without AI, I’m passionate about applying my extensive knowledge to enhance organizational security postures globally. https://www.linkedin.com/company/symmetry-systems-inc/
Jake Attia is a passionate technology professional with over 10 years of experience in the IT/Cybersecurity world. He began his career by establishing the IT infrastructure for an early leader in virtual reality (VR) hardware and software. He played a pivotal role in transitioning the organization from on-premise to a hybrid Azure infrastructure, making a positive impact on the global organization.
Following this, he joined an identity-as-a-service platform company, assisting customers in configuring, troubleshooting, and utilizing identity provider (IDP) services for web applications and cloud infrastructure. His expertise in cloud solutions and identity services led him to Google, where he worked on the Cloud Security and Infrastructure team. There, he solved complex challenges for some of Google’s largest cloud customers, helping them build robust security solutions in cloud and hybrid network environments.
Currently, he is working at Symmetry-Systems as a Data Security Solutions Engineer driving meaningful product changes internally and assisting large enterprise customers in enhancing their data security posture across both on-premise and cloud environments.
Symmetry Systems recently presented a fascinating topic to the ISC2 East Bay Community. To learn more, go to ISC2 East Bay Chapter – Claude Mandy State of Data Security.
About Redblock: Automation is AI’s primary Cybersecurity job. The network is no longer the perimeter, and firewalls can no longer protect devices or servers. Even a locked-down identity isn’t enough to defend against today’s adversaries, who are always one step ahead. They have the same–if not better–tools as we do and only need to be right once. Our speed is the key to protecting our critical IT/OT infrastructure. Redblock accelerates threat detection and remediation.
Meet Bill Danigelis Founding Member | Trusted Advisor | ISSA | CISO relationships | Investor | Blood Donor | Wim Hof enthusiast | and Founding Member of RedBlock ·
RedBlock AI is on a mission to eliminate the monotony of repetitive tasks that Security Teams face, particularly the “eye on the glass screen” work that demands constant vigilance. Our first product targets reducing threats from digital backdoors, such as synthetic identities, misconfigurations, and unauthorized local accounts. Leveraging AI, we go beyond simply overseeing the top 20 applications vetted by IT departments. Instead, we offer comprehensive threat detection, management, and remediation across hundreds of web and cloud applications, ensuring a broader and more effective security posture.
Be sure also to contact Indus Khaitan – Redblock – who is moderating our final roundtable.
Hiring Managers Table
Spend time with Jeremy Hein, Director of Career Development, to help further your career or fill an employment opportunity.
Meet our hiring sponsors.
Meet Blake Allen, Business Solutions Manager @ Ledgent Technology | Technology Talent & Solutions
People may recall Blake Allen sharing the 2024 Salary Guide and advice for the year ahead. Blake is back to reconnect as a sponsor and long-term ally to our chapter.
Meet Robynne Templin, Talent Acquisition Leader from Box and Sponsor. “I believe recruiting is one of the most strategic functions within a business. I have a bold opinion. Hiring people in the right role at the right time can make or break even the best strategies. Recruiting also facilitates an intimate connection with candidates, human to human. These two reasons are why I’ve invested my career in helping build outstanding teams to do great things with great people. I’m a builder and doer and deeply care about those I work with.”
Session Nine – Round Table – 4:00 to 4:45 PM AI Governance: Balancing Innovation, Safety, and Responsibility
Round Table Topic: As artificial intelligence (AI) becomes increasingly integrated into critical industries, robust AI governance is more pressing than ever. This panel discussion will explore the essential aspects of AI governance, focusing on AI safety, responsible AI deployment, configuration management, and access control.
Key issues include ensuring AI systems operate within ethical and safe boundaries, minimizing biases, and safeguarding sensitive data through stringent access control measures. Experts will examine how effective configuration management can prevent unintended outcomes and discuss frameworks that ensure accountability, transparency, and fairness in AI development and deployment.
Our moderator, Indus Khaitan, is the founder and CEO of Redblock, an AI for Cybersecurity startup based out of San Ramon. Earlier, Indus sold his mobile security startup to Oracle. Indus lives in Dublin, CA.
Automation is AI’s primary job to be done for Cybersecurity.
The network is no longer the perimeter, and firewalls can no longer protect devices or servers. Even a locked-down identity isn’t enough to defend against today’s adversaries, who are always one step ahead. They have the same–if not better–tools as we do and only need to be right once. Our speed is the key to protecting our critical IT/OT infrastructure. Redblock accelerates threat detection and remediation.
Some of our round table guests include speakers from throughout the day and:
Gopi Ramamoorthy, Head of Security, Privacy & Compliance Engg | CISO | Engineering | Startup Advisor | Speaker | GTM | CISSP CISA CIPP/US CISM, Symmetry Systems
With over 15 years in information security and compliance, Gopi Ramamoorthy has risen from engineering to leadership positions in highly regulated sectors like Finance and Healthcare. At Fiserv and Veeva, he managed security & compliance for multiple BUs, consistently maintaining an impeccable record of zero findings. Gopi’s contributions extend beyond his core work; he’s an active leader in infosec forums and served as ISC2 Silicon Valley President in 2013 and on the ISACA Silicon Valley Board from 2014-2021. He also contributed to CSA through multiple working groups. Certified with CISSP, CISA, CIPP/US, and CISM, Gopi is currently the Head of Security and GRC Engineering at Symmetry Systems. Gopi has spoken at multiple conferences on Cybersecurity and Privacy, including at RSA San Francisco! Gopi can be reached at https://www.linkedin.com/in/gopi-r/
Adnan Dakhwe Cybersecurity & Technology Leader | Security, GRC, Engineering, AI, Privacy, Customer Trust, & Assurance | Former Board Member | Advisor
Adnan is a cybersecurity and technology leader with 15+ years of experience in building and scaling security, GRC, privacy, trust, and engineering/technology teams & programs across global organizations. He combines strong technical expertise with a deep understanding of business strategy and is passionate about security, product, innovation, and entrepreneurship. Adnan’s extensive experience spans across cybersecurity strategy, architecture, AI, infrastructure/product security, GRC, IAM, business continuity, & disaster recovery across cloud, hybrid, & on-premises environments. Adnan has held key roles at RingCentral, eBay, MuleSoft, Vera, Safeway, HCSC, Protiviti & Deloitte and advises startups and enterprises as a vCISO/vCTO/vCIO.Adnan is an active advisor and thought leader in the cybersecurity space. He serves on the Advisory Board for HMG, the Advisory Council for SecureWorld, and as a researcher for the Cloud Security Alliance. He is a lifetime member of OWASP, a member of the Purple Book and GIT1K communities, and a former president/board member of ISACA Silicon Valley, where he led the chapter to four global awards. Recently, he was honored with a global leadership award from ISACA International. Adnan holds a Master’s in Computer Science, a Bachelor’s in Information Technology/Engineering, and multiple industry certifications, including CRISC, CDPSE, CISA, CRMA, and COBIT Foundation Certificate. He has spoken at numerous industry conferences and is also affiliated with ISSA, IAPP, SANS, ISC2, IIA, and ACFE. Adnan can be reached via https://www.linkedin.com/in/adnandakhwe/.
Dhawal Thakker, Principal – Cyber Risk – National Leader Governance Risk & Compliance, RSM US is the national leader in Integrated Risk Management service offering. Dhawal has over 20 years of experience assisting clients with building and implementing integrated risk management (IRM) programs. Dhawal’s experience crosses several risk domains, including information security, privacy, information technology, compliance, operations, and third-party management.
Dhawal’s experience includes building enterprise-wide unified risk and compliance programs and has led various projects helping clients mature IRM program posture through automation. Dhawal’s primary focus has been developing regulatory risk and compliance solutions, data protection programs, and strategic implementation of information security programs.
Dhawal has hands-on experience in designing, implementing, and managing GRC solutions to automate regulatory and compliance programs using tools like AuditBoard, ServiceNow, Onetrust, Archer, etc.
Anand Thangaraju, Cyber Security & GRC Leader, is a seasoned Product leader with over 20 years of experience in the Financial Services industry. Throughout his career, he has collaborated closely with CIOs, CISOs, and CDOs, gaining valuable insight into various functions such as Sales and Operations, Business Development, Data and analytics, Risk and compliance, Cyber and privacy, and Product Management.
Holding multiple roles simultaneously, Anand is a true multitasker. He wears hats as a Virtual CISO, Startup Mentor, Board Observer, Public Speaker, and Angel Investor within the vibrant Bay Area innovation ecosystem. His expertise spans Financial Technology, Enterprise Software, Cybersecurity, and Management Consulting, allowing him to provide invaluable guidance in advisory and industry roles.
5:00 PM Wrap Up, Scholarships, Raffles & Response
To receive all 8 CPEs, attendees must complete the Conference Feedback Form. ISC2 East Bay Chapter is a nonprofit organization that offers our community a safe networking experience where they can advance their interests and careers in cybersecurity.
ISC2 East Bay 2024 Sponsors
Platinum – Lifetime and Venue
- Stellar Cyber
- Securonix
- Zeiss
- Las Positas College
- Seclore
Gold Sponsors ($2,000)
- Summit7
Silver Sponsors ($1,000)
- Exiger
Bronze Sponsors ($500)
- Box
- Blake Allen
- Symmetry Systems
- TalPoint
- Zyston LLC
- EnterpriseGRC Solutions
- Pantheon
Cake Break Sponsors
- Redblock
- Mixmode
- Paramify
- Sprinto
- BDO
Please become an ISC2 East Bay Sponsor by donating to our Sponsorship Page.
Bronze or higher donations made in November through December will be reflected for all of 2025.
About ISC2
ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our nearly 675,000 members, candidates, and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills, and abilities at every stage of their careers. ISC2 strengthens the cybersecurity profession’s influence, diversity, and vitality through advocacy, expertise, and workforce empowerment, accelerating cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educates those most vulnerable. Learn more and get involved at ISC2.org. Connect with us on X, Facebook, and LinkedIn.
