ISC2 East Bay Fall Conference - Cybersecurity in GRC

November 8, 2024, Fall Conference | Cyber-in-GRC at Las Positas

Our one-day event will be held on the Livermore campus of Las Positas College, and our speaker events combine a 100+ attendee auditorium with tabletop and interactive training.

  • Are GRC Platforms keeping pace with AI, Third-Party Risk Management, SCRM, ESG, DevOps, Business Continuity, Zero Trust Strategy, and continuous changes in Regulatory Compliance?
  • Has our GRC approach drifted further away or brought us closer to a reasonable Cybersecurity Posture?
  • Do you have a story to tell?

Attendees receive up to 8 CPEs for attending and providing feedback on their participation. Contact conferencecommittee@isc2-eastbay-chapter.org to let us know you want to help with speakers, serving food, coordinating live demos, signage, sign-in tables, or building and breaking down activities. If you can volunteer to mentor, coach, or hire interns, please contact careers@isc2-eastbay-chapter.org.

Pricing:

  • Non-Member – $145
  • ISC2—ISACA—ISSA Member – $125
  • Student – $45
  • Member Sponsor (Paying it Forward) $100 as a charitable donation.
  • Enrolled students and educators from Las Positas, your attendance is FREE.

Conference Sessions & Schedule


Session One – 9:00 to 9:30 AM | Robin Basham – GRC, Why Nobody Wants it – EnterpriseGRC Solutions

Governance, Risk, and Compliance Platforms are meant to include managing our cybersecurity risks, but in most cases, GRC has not prevented our most serious breaches. Are our investments keeping us safe?

  • What is the problem we are trying to solve?
  • How do we balance what we collect against what we have to report?
  • Are regulatory requirements making us safe?
  • Is GRC an end to itself, and has it lost its way?
  • Is ZTA just GRC on technology steroids, or is it time to accept nothing less?
  • Can humans manage regulatory requirements?
  • Do we have enough information to use LLM to make GRC automation accurate and safe?
  • Does our current GRC investment bring the brass ring of a reasonable cybersecurity risk posture closer, or push it further away?

Robin Basham: As owner of EnterpriseGRC Solutions, Recent Past President and Conference Chair of the ISC2 East Bay Chapter, Certified Information Systems Security Professional (CISSP), Auditor (CISA), Governance (CGEIT) and Risk (CRISC), GRC Expert, and leader among the Cloud Security Alliance (CSA) NIST SP 800-53 r5 and CISA Zero Trust Maturity CCM Mapping and Gap Assessment Working Groups, Robin is a GRC & Cloud Cybersecurity trailblazer. EnterpriseGRC clients accomplish automated, integrated audits, leveraging secure configuration baselines mapped to over 25 in-demand cybersecurity frameworks. Her industry experience includes running companies and departments that supply services via compliance management systems, policies, processes, and well-formed data for SaaS (IaaS and PaaS), Insurance, Finance, Life Science & Healthcare, Banking, Education, Defense, and High Tech. Robin is a “hands-on leader” known for depth in data architecture, programming languages, policy development, and delivering work products that pass major regulatory certifications. Some positions include Virtual CISO, Technology Officer at State Street Bank, leading Process Engineering for a major New England CLEC, Sr. Director & VP Enterprise Technology for multiple advisory firms, founding & engineering products, and running two governance software companies. You may remember working with Robin as the Director of Enterprise Compliance at Ellie Mae (ICE), a Cisco, Unified Compliance, and ISMS Program Manager, or a consultant providing LSHC support to several MDM clients. Robin is also known for donating substantial time to supporting social platform security with hopes of furthering social civil democracy.

EnterpriseGRC Solutions offers web-enabled compliance implementation, training, and security and risk management services. It provides compliance management tools that help companies monitor and report on governance, risk, and compliance (GRC) across the enterprise. GRC stands for Governance, Risk, and Compliance and is a framework that helps organizations manage risks, meet regulations, and align IT with business objectives. EnterpriseGRC Solutions specializes in mapping cybersecurity requirements across multiple external frameworks.


Session Two – 9:30 to 10:00 AM | Pragmatic Compliance – Rebecca Allen Diamond, Information security GRC leader and compliance program builder, Zyston


Session Three – 10:00 to 10:45 AM | The Future of Customer Trust – Bryan Culp, Box

The Future of Customer Trust – As Customer Trust emerges as a key business function and potential career path, we’ll discuss what it is, why it matters, and how we can work together to make it easier and more effective.

Bryan Culp leads Trust & Quality within Box’s Governance, Risk, and Compliance (GRC) group and is responsible for Customer Trust, GxP GTM, Third Party Risk Management, the company’s Policy Program, and Quarterly Management Review. He previously led the Customer Trust team in Cisco’s Security & Trust organization.

He is passionate about how SaaS companies build, maintain, and grow trust with customers and partners. He advocates for Environmental Social Governance (ESG) and participates in his local ISC2 and ISACA chapter meetings. Other interests include reading and writing, traveling, and being in nature.

Bryan’s LinkedIn articles at: https://www.linkedin.com/in/bryanculp/recent-activity/posts/
Bryan was co-contributing editor of the 2021 book “Back to Basics: Focusing on the fundamentals to boost cybersecurity and resilience”. Areas of expertise: Audits | Certifications | Common Controls | Contract Negotiations | Customer Trust | Governance, Risk & Compliance | GxP | Metrics & Reporting | Organizational Design | Policies & Procedures | Privacy & Data Protection | Process Optimization | Sales Enablement | Security | Strategy, Planning & Operations | Team Building | Third Party Risk

Box is the world’s leading Content Cloud. More than 115K organizations worldwide, including nearly 70% of the Fortune 500 and leaders across deeply regulated industries, trust us to protect their data, fuel collaboration, and power critical workflows with secure enterprise AI. See box.com for more information.


Session Four – 10:45 to 11:30 | AI Governance & Compliance by Design, Varun Prasad, BDO

Topic: AI Governance By Design

About Varun Prasad: Varun is a managing director at BDO’s third-party attestation practice. In his current role, he works with tech companies to evaluate their cybersecurity posture and assess compliance with SOC 2 and various ISO standards to help them meet customer requirements and build trust with stakeholders. He focuses on complex and emerging security, privacy, cloud, and AI assurance requirements.

Varun is an IT audit and risk management professional with 15+ years of progressive experience gained through various roles for Big4 firms and world-leading corporations across multiple geographies. He has managed and executed a variety of IT audit-based projects from end to end. He has provided various IT audit and assurance services, such as SOC 1/SOC 2 examinations, ISO 27001/42001/22301 audits, cybersecurity assessments, SOX testing, and privacy reviews. Varun is the VP of the ISACA SF chapter and part of ISACA’s IT Audit and Assurance Task Force.

BDO delivers assurance, tax, and financial advisory services tailored to our clients’ industries, unique needs, and goals. BDO USA, P.C., a Virginia professional corporation, is a U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. For more information, please visit www.bdo.com.

Session Five – 11:30 to 12:00 | Chandra Sekhar Dash | GRC Evolution | Sr Director – GRC | Ushur

Chandra is a seasoned professional with over 20 years of expertise in Governance, Risk, and Compliance (GRC), IT/OT Security, Cloud Security, and Cybersecurity Operations. As the Senior Director at Ushur Inc. in California, he leads a dedicated GRC and Cybersecurity team, leveraging his extensive experience with Managed Security Providers, consulting firms, and IT system integrators across various sectors, including Pharmaceuticals, Chemicals, Government, Healthcare, Telecommunications, Banking, and R&D. Chandra specializes in security assessments, compliance reviews, and AI governance, effectively managing security operations and programs to enhance organizational security. His notable achievements include leading certification programs like HITRUST, SOC2, and ISO27001 and compliance programs such as PCI-DSS, GDPR, HIPAA, CCPA, TCPA, and PIPEDA.

Ushur is an AI-powered, no-code Customer Experience Automation (CXA) SaaS platform headquartered in Santa Clara, California. Ushur’s solution seamlessly integrates process and conversation automation, enabling large enterprises to optimize workflows and back-office operations. By eliminating manual tasks, Ushur delivers significant value, allowing organizations to redeploy human capital towards higher-value business initiatives. Ushur specializes in enhancing customer experiences within highly regulated industries, partnering with Fortune 100 companies to drive transformative results while adhering to compliance and regulatory requirements. Ushur products are HITRUST and ISO 27001 certified and compliant with SOC2, PCI-DSS, GDPR, CCPA, etc. The Ushur platform revolutionizes interactions across critical touchpoints, encompassing customers, partners, claimants, and patients, empowering businesses to grow and optimize their operations effectively.


Lunch

Catered lunch includes options from https://freshnatural.com


Keynote, Session Six – 1:15 to 2:00 PM | The Lost Art of Information Assurance | Jacob Horne, CMMC Town Crier | Ask me about NIST cybersecurity controls | Smashing compliance frameworks for fun and profit | Cyber policy wonk | Summit 7

Topic: The Lost Art of Information Assurance

About our Keynote: Jacob Horne is the Chief Security Evangelist at Summit 7, where he specializes in DFARS, NIST, and CMMC compliance for contractors in the Defense Industrial Base.
As a former NSA intelligence analyst and U.S. Navy cryptologic technician, Jacob has over 15 years of experience in offensive and defensive cybersecurity operations.
As a civilian, he has led Governance, Risk, and Compliance teams at AT&T, Northrop Grumman, and the NIST Manufacturing Extension Partnership.
He has developed and taught numerous cybersecurity training programs for organizations, including UCLA, UC Irvine, and the NSA National Cryptologic School.
Jacob has a master’s degree in cybersecurity risk and strategy from NYU and an MBA from the UC Irvine Paul Merage School of Business.

About SUMMIT7: SUMMIT7 protects the American Dream by Securing the Warfighter.
“Our specialty is enabling Department of Defense contractors to win more contracts through next-level cybersecurity and compliance. We help the defense supply chain protect America’s data and future generations of United States Warfighters by implementing the right security and compliance measures in the Microsoft Government Cloud. With over 900 Defense Industrial Base suppliers as customers, we’re experts in CMMC, CUI, ITAR, NIST 800-171, and DFARS.”


Session Seven – Confirmation pending – Steve Wilson returns to share the release of his new book.

Steve Wilson
CPO at Exabeam | Lead for OWASP Top 10 for Large Language Model AI Security | Driving AI-Powered Product Innovation

Topic—After Steve’s fantastic AI training at the March conference, we’re asking Steve Wilson back to discuss releasing his new O’Reilly book, The Developer’s Playbook for Large Language Model Security.

About Steve Wilson: Chief Product Officer at Exabeam, Steve Wilson leads product strategy, product management, product marketing, and research. He is a leader and innovator in AI, cybersecurity, and cloud computing, with over 20 years of experience leading high-performance teams to build mission-critical enterprise software and high-leverage platforms. Before joining Exabeam, he served as CPO at Contrast Security, leading all aspects of product development, including strategy, product management, product marketing, product design, and engineering. Wilson has a proven track record of driving product transformation from on-premises legacy software to subscription-based SaaS business models, including at Citrix, accounting for over $1 billion in ARR. He has experience building software platforms at multi-billion dollar companies like Oracle and Sun Microsystems.

Wilson is also a project leader at the Open Web Application Security Project (OWASP) Foundation, where he has assembled a group of over 400 experts to create the first industry-standard, comprehensive reference project called the “Top 10 List for Large Language Model Applications.” The list educates developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing generative AI and other large language models (LLMs). He holds a degree in Business Administration from the University of San Diego and a second-degree black belt from the American Taekwondo Association.


About OWASP: owasp.org The Open Worldwide Application Security Project is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in IoT, system software, and web application security. OWASP provides free and open resources.

About Exabeam: Exabeam is a global cybersecurity leader and creator of New-Scale SIEM™️. We help organizations detect threats, defend against cyberattacks, and defeat adversaries, offering a new way for security teams to approach threat detection, investigation, and response (TDIR). By combining the scale and power of the cloud with the strength of our industry-leading behavioral analytics and automation, organizations gain a more holistic view of security incidents, uncover anomalies missed by other tools, and achieve faster, more accurate, and repeatable responses.


2:45 – 4:00 PM CAKE BREAK & Networking – Meet a mentor, an author, a vendor, an employer

Attendees earn credit by meeting with our vendors and documenting their interactive commitments using our online feedback form. In keeping with giving each keynote first dibs on the main dessert offering, Jacob Horne has selected CARROT CAKE. An array of healthy snacks and coffee will give us an afternoon boost.


Session Nine – Round Table – 4:00 to 4:45 PM AI Governance: Balancing Innovation, Safety, and Responsibility

Moderated by Indus Khaitan – Redblock – Additional Panel Guests will begin to appear soon. Expect some big names and big surprises.

Round Table Topic: AI Governance: Balancing Innovation, Safety, and Responsibility
As artificial intelligence (AI) becomes increasingly integrated into critical industries, the need for robust AI governance is more pressing than ever. This panel discussion will explore the essential aspects of AI governance, focusing on AI safety, responsible AI deployment, configuration management, and access control.
Key issues include ensuring AI systems operate within ethical and safe boundaries, minimizing biases, and safeguarding sensitive data through stringent access control measures. Experts will examine how effective configuration management can prevent unintended outcomes and discuss frameworks that ensure accountability, transparency, and fairness in AI development and deployment.

Our moderator, Indus Khaitan, is the founder and CEO of Redblock, an AI for Cybersecurity startup based out of San Ramon. Earlier, Indus sold his mobile security startup to Oracle. Indus lives in Dublin, CA.

Automation is AI’s primary job to be done for Cybersecurity.
The network is no longer the perimeter, and firewalls can no longer protect devices or servers. Even a locked-down identity isn’t enough to defend against today’s adversaries, who are always one step ahead. They have the same–if not better–tools as we do and only need to be right once. Our speed is the key to protecting our critical IT/OT infrastructure. Redblock accelerates threat detection and remediation.

5:00 Wrap Up, Scholarships, Raffles & Response

Attendees must complete the Conference Feedback Form to receive all 8 CPEs. ISC2 East Bay Chapter is a nonprofit organization that offers our community a safe networking experience where they can advance their interests and careers in cybersecurity.


ISC2 East Bay 2024 Sponsors

Platinum – Lifetime and Venue

  • Stellar Cyber
  • Oracle
  • Securonix
  • Zeiss

Silver Sponsors (1K)

  • Exiger

Bronze Sponsors (500)

  • Box
  • TalPoint
  • Zyston LLC
  • EnterpriseGRC Solutions
  • Pantheon

Cake Break Sponsors

  • SecureFrame
  • Sprinto
  • Ushur
  • BDO

Please become an ISC2 East Bay Sponsor by donating to our Sponsorship Page. Donations made in October through December will be reflected for all of 2025.

About ISC2
ISC2 is the world’s leading member organization for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our nearly 675,000 members, candidates, and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills, and abilities at every stage of their careers. ISC2 strengthens the cybersecurity profession’s influence, diversity, and vitality through advocacy, expertise, and workforce empowerment, accelerating cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educates those most vulnerable. Learn more and get involved at ISC2.org. Connect with us on X, Facebook, and LinkedIn.
