July 9, 2026 – Member Meeting: Combined SOC 2 and ISO 27001 Audit, Frank, Rimerman + Co. LLP | Real-Time DMARC: AI-Enabled Email Authentication for the Next Era, Threatcop

Registration Required: July 9, 2026 – 7:00 pm – 9:00 pm Pacific Time | 2 CPEs

Session One: Combined SOC 2 and ISO 27001 Audit, Frank, Rimerman + Co. LLP

This presentation addresses the critical need for a unified cybersecurity strategy by integrating SOC 2 and ISO 27001. Managing them separately causes inefficiency and heightens cybersecurity risk. The session shows how this integration delivers a stronger, more defensible security posture.

Key Takeaways:

  • Combine the granular security rigor of SOC 2 with the systematic, continuous improvement of ISO 27001 for true resilience against threats.
  • Learn practical steps for control mapping and unified risk management to eliminate security gaps and policy redundancies.
  • Master the shared audit approach (using dual-proficient auditors and strategic evidence timing) to drastically reduce audit fatigue and resource strain on security teams.
  • Transform compliance from a burden into a cybersecurity asset that meets both rigorous U.S. and global standards.

About Nelly Spieler, Partner – Frank, Rimerman + Co. LLP

Nelly has nearly 20 years of auditing, consulting and management experience working with companies worldwide. She oversees the Technology Assurance and Risk Management department that includes ISO, SOC, CSA STAR Level 2 certifications, and other key attestations. Given that a significant portion of Nelly’s clients operate in various public clouds, she has extensive expertise in cloud security as well as in the Governance, Risk, and Compliance (GRC) field. Nelly works with privately held, pre-IPO, and public companies and has acted as an internal and external auditor for her clients.

Nelly received her M.B.A. from the University of California at Berkeley (UCB), Haas School of Business. She is also a CISA, CIP/T, and has ISO 27001/42001 certification. In the past, Nelly served on the Board of Directors and as the President of the San Francisco chapter of the Information Systems Audit and Control Association (ISACA).

Connect with Nelly Spieler on LinkedIn

About Frank, Rimerman + Co. LLP

Since 1949, Frank, Rimerman has built a legacy of client-centered expertise, focusing on superior client service, staff mentoring, and proactive problem-solving. We maintain a size that perfectly balances expert capabilities with personalized attention for your long-term success, avoiding pitfalls like over-leveraging and impersonal relationship management. Our priority is cost-effectiveness, ensuring you can allocate more resources directly to your mission.

At the core of our services is a deep understanding of risk and a commitment to client success, especially in the rapidly evolving landscape of AI and SaaS. Our IT Assurance and Risk Management practice offers tailored solutions to enhance operations and address the organization’s specific risk profiles. In today’s interconnected world, ensuring robust systems for managing information security and operating integrity is crucial. Our expertise spans multiple frameworks, including ISO 27001, ISO 27701, SOC 1, SOC 2, SOC 3, and CSA STAR Level 2, supporting all your assurance needs.

We are uniquely positioned to speak on the topic:

  • Deep SaaS Expertise: Our extensive experience with multi-product SaaS companies means we understand the technology and business model. We provide audits that are not only compliant but also practical and aligned with your operational realities.
  • Integrated Approach: Our tailored methodology is designed to complement the organization’s existing knowledge and streamline the compliance journey. We efficiently leverage a single set of evidence to satisfy requirements for both ISO 27001 and SOC 2, saving you time and resources.
  • Global Reach and Flexibility: Our team is experienced in working with global teams across different time zones, ensuring seamless communication and project execution.
  • Commitment to Partnership: We view our engagements as year-round relationships. We are committed to providing ongoing support and advice at no additional cost, ensuring you always have access to our expertise. Our responsive and transparent approach is designed to minimize surprises and provide you with peace of mind.

Session Two: Real-Time DMARC: AI-Enabled Email Authentication for the Next Era, Threatcop

SPF, DKIM, and DMARC have anchored email authentication for decades, but they still leave a crucial blind spot. They validate sending domains, but they don’t answer the real question security teams face when an attack comes through: who exactly is being spoofed?

Even with strict DMARC enforcement, attackers find ways to bypass it, and by the time reporting surfaces, the damage is already in motion. This session will introduce Real-Time DMARC, a patent-pending innovation that transforms these static controls into dynamic enforcement. The core advancement lies in correlating SPF-derived metadata with DMARC validation in real time.

By leveraging SPF macros during evaluation, the system surfaces spoofed sender identities while the message is being processed. That identity data is then correlated against DMARC policies instantly, with AI models strengthening the decision logic. Instead of waiting for forensic reports or static pass/fail results, security teams gain immediate visibility into which identities are being abused.
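How SPF macros can carry the claimed sender into a DNS lookup is shown below as an added example; it is not Threatcop's implementation or code from this announcement. It expands RFC 7208 macros in an `exists:` mechanism and then recovers the identity from the resulting query name, as a domain owner's DNS log would see it. The record, the `_spf.spf-log.example.net` zone, the `_i`/`_l` marker labels and the addresses are constructed assumptions.

```python
import ipaddress
import re

# Macro forms from RFC 7208 section 7; only lowercase s/l/o/d/i/h are handled here.
MACRO = re.compile(r"%\{([slodih])(\d*)(r?)([.\-+,/_=]*)\}|%([%_-])")
LITERAL = {"%": "%", "_": " ", "-": "%20"}

def expand(spec, sender, ip, helo):
    """Expand the SPF macros in `spec` for one SMTP transaction."""
    local, _, domain = sender.rpartition("@")
    local = local or "postmaster"          # RFC 7208: default local-part
    addr = ipaddress.ip_address(ip)
    dotted = str(addr) if addr.version == 4 else ".".join(addr.exploded.replace(":", ""))
    # Assumption: no include/redirect, so the current domain %{d} equals %{o}.
    values = {"s": f"{local}@{domain}", "l": local, "o": domain,
              "d": domain, "i": dotted, "h": helo}

    def repl(m):
        if m.group(5):
            return LITERAL[m.group(5)]
        letter, digits, rev, delims = m.group(1, 2, 3, 4)
        parts = re.split("[" + re.escape(delims or ".") + "]", values[letter])
        if rev:
            parts.reverse()
        if digits:
            parts = parts[-int(digits):]   # keep the right-most N labels
        return ".".join(parts)
    return MACRO.sub(repl, spec)

# Constructed record and zone: the _i/_l labels mark where each field ends.
ZONE = "_spf.spf-log.example.net"
RECORD = "v=spf1 exists:%{i}._i.%{l}._l.%{o}." + ZONE + " -all"
QNAME = re.compile(r"^(?P<ip>.+)\._i\.(?P<local>.+)\._l\.(?P<domain>.+)\."
                   + re.escape(ZONE) + "$")

def exists_query(record, sender, ip, helo):
    """DNS name a receiver looks up for the record's exists: mechanism."""
    spec = next(t for t in record.split() if t.startswith("exists:"))
    return expand(spec[len("exists:"):], sender, ip, helo)

def identity_from_query(qname):
    """Domain-owner side: recover (ip, claimed sender) from a logged query name."""
    m = QNAME.match(qname.rstrip(".").lower())
    return (m["ip"], f'{m["local"]}@{m["domain"]}') if m else None

if __name__ == "__main__":
    q = exists_query(RECORD, "cfo@example.com", "203.0.113.7", "mx.sender.test")
    print(q, "->", identity_from_query(q))
```

The receiver performs this lookup while it evaluates SPF, so the query reaches the domain owner's authoritative DNS during delivery rather than in a later aggregate report.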

The webinar will cover:

  1. The Limits of Today’s Standards: Why SPF and DMARC cannot reveal spoofed identities in real time, and examples where spoofed emails passed checks.
  2. Real-Time DMARC Explained: How SPF macros expose spoofed sender data, and how AI correlation ties SPF outcomes with DMARC policies to enforce trust dynamically.
  3. Case Studies: A phishing campaign in which a CFO’s identity was spoofed, appearing valid under DMARC but flagged instantly through correlation; and a supplier invoice scam in which Real-Time DMARC revealed the impersonated address in milliseconds, enabling SOC teams to block it before user interaction.
  4. Why It Matters for Security Teams: SOC analysts gain immediate visibility into spoofed identities. Incident responders get forensic-ready logs that connect sender identity, SPF output, and DMARC enforcement. Architects and CISOs can use these insights to strengthen brand protection and improve trust reporting.
  5. Looking Ahead: What this evolution means for the future of DMARC, and how security leaders and practitioners can prepare for adoption.

This is not a product pitch or awareness talk. It is about the first practical framework for Real-Time DMARC, correlating SPF and DMARC dynamically, using AI to close long-standing gaps in email trust. For security teams and leaders alike, it represents a new standard in defending against spoofing.

About Pavan Kushwaha: CEO, Threatcop & Kratikal

Pavan Kushwaha is a visionary entrepreneur and cybersecurity expert with over a decade of experience in building world-class security solutions. As the founder and CEO of both Threatcop and Kratikal, Pavan has pioneered people-centric security and advanced simulation technologies. His leadership has driven both organizations to the forefront of the industry, focusing on the intersection of human behavior, automated risk detection, and agentic AI security. He is a frequent speaker at global security summits and is dedicated to fostering the next generation of cybersecurity talent.

Connect with Pavan Kushwaha on LinkedIn

About Threatcop

Threatcop AI Inc. is a People Security Management (PSM) company and a sister concern of Kratikal. Threatcop helps organisations reduce cyber risk by strengthening employee security posture—turning people from the weakest link into the strongest line of defence. With a focus on social engineering and email-led attacks, Threatcop drives measurable improvements in security behaviour and readiness. Serving 250+ large enterprises and 600+ SMEs across 30+ countries, Threatcop supports organisations across E-commerce, Finance, BFSI, Healthcare, Manufacturing, and Telecom. Threatcop follows the A-A-P-E framework (Assess, Aware, Protect, Empower) and delivers products such as TSAT, TLMS, TDMARC, and TPIR to address evolving threats. By reducing human error and improving day-to-day security decisions, Threatcop enables a lasting culture of cybersecurity awareness.
