Full attendance for registered ISC2 members earns 8 CPE. Certificates of attendance can be used with organizations that recognize ISC2 for professional development credits.
- 8 CPE Event – Pricing for (ISC)2—ISACA—ISSA Members – $55.00 USD
- Students – $35.00 USD
- Non-Members – $75.00 USD
- Recent Past Presenters FREE (to see if you qualify, look at the Chapter Events page)
- Member Sponsors (Paying it forward) $100.00 USD as a charitable donation.
Our single-day event sponsor rates are:
- Breakfast $300.00 (Thank you, Otorio)
- Lunch $500.00 (Thank you, ColorTokens)
- Coffee $200.00 (Thank you, Securonix)
For more information about sponsoring the ISC2 East Bay Chapter and/or any of the Chapter events, email: email@example.com (also, Robin, (ISC)2 East Bay Chapter President).
*Time spent one-on-one with Sponsors may count as an offset towards up to 1.5 hours of the day’s 8 CPE.
Visit: OTORIO—COLORTOKENS – SECURONIX for up to 1.5 CPE as an alternative to time attending all of the presentations, during the breaks, or to be completed independently within one week of the event. (Requires email to the conference director.)
|Topics and Companies (Still under development, please check back soon.)||Speakers and links to bios|
|8 AM Sponsor Address: Why we work with ISC2 East Bay and Who we are, from OTORIO.|
This is an open forum during sign-in and seating from 8 to 8:55
Jackie Kalter has been a strategic Sales Executive in Cybersecurity for over 20 years and is currently a Director of Sales for OTORIO. She has previously served on the Board of ISSA Orange County in the capacity of VP and Program Director, and is currently President of the Cloud Security Alliance (CSA) in Orange County and serves on the Board for CSA San Diego. Additionally, she founded a Women’s Leadership Group in OC and San Diego.
|OTORIO and our sibling organizations, CSA, ISACA, ISSA, and fellow chapters of ISC2 welcome you to breakfast and coffee 8:00 – 8:55 AM||Enjoy your coffee and a bagel, or yogurt and fruit, a meal from the people at OTORIO.|
|9 AM Topic: Understanding Zero Trust Ramifications in a Converging World|
OTORIO’s Domain expertise within Operational Technologies will be demonstrated to you with a presentation on how IT and IoT can come together and deploy a Zero Trust architecture in a secure manner that allows for resilient operations.
Philippe Pagnier has been in the Operational Technology space for over 25 years, with more than half of that time focused on OT networks in utilities, manufacturing, and telecommunications. Philippe is currently applying his extensive knowledge as Senior Cybersecurity Engineer at OTORIO. Philippe attended the National School of Applied Science and Technology in France, earning his MSEE, Engineering with an emphasis on Industrial Computing and Digital Signal Processing.
|About OTORIO: We empower operational and security teams to proactively manage digital risks and build resilient operations through a technology-enabled ecosystem. Our OT security and converged OT-IT-IIoT network risk management solutions are selected and deployed worldwide by industrial manufacturing, critical infrastructure, smart transportation organizations, and more.|
|10 AM Topic||Srinivas Akella|
|11 AM Topic:||Erica Cunningham|
The Future of Zero Trust, ColorTokens
Lunch is Bar-B-Q from Armadillo Willy’s and Sponsor Address from Erica Cunningham.
People who want a Vegan option can let us know at the start of the day and we’ll give them tokens (from ColorTokens) to get lunch from the Oracle Cafeteria. Lunch is an open hour so there’s plenty of time to socialize and enjoy your lunch options.
|1 PM Topic: What is data for good and how will we trust it?|
- Web data as essential business insights
- The various uses of web data and technical ways of its sourcing and structure
- The role of data in the data pillar of Zero Trust
About Ben Segal: Ben Segal is a focused, performance-driven leader with thorough knowledge of technical processes for enterprise software, SaaS applications, and digital platforms. With a proven track record of ramping quickly and developing urgency in sales cycles, Ben is known for his strong team-building experience with decisive judgment and discipline to focus on driving complex sales implementations.
Ben has comprehensive experience in both large, global organizations and emerging growth companies. He is the former VP of Sales with adtech pioneer IPONWEB, and held sales leadership roles with VC-backed enterprise SaaS platforms in the ad tech, martech, and HRIS spaces. Ben also worked for Salesforce during their years of rapid expansion.
Ben has a graduate degree in Business from Columbia University.
|About Bright Data: Bright Data is the pioneer and innovator in data collection automation, dedicated to helping all businesses view the Internet just like their consumers and potential consumers do each and every day. We help global brands gather publicly available online data in an ethical manner at scale. Working with over 10,000 customers, our data collection automation (DCA) platform enables clients to view the internet in complete transparency. By scouring the web through the eyes of the consumer, organizations can turn unstructured HTML data at scale into structured CSV or JSON databases. This helps deliver business insights, from how your customers are interacting with your brand to what share of voice your competitors hold. Ultimately, this translates to making better, faster, and more informed business decisions based on data that is real-time, accurate, large-scale, and transparent.|
|2 PM Topic: When the Cyber War Was Zero Trust|
Zero Trust is revolutionizing network security architecture: it is data and device-centric and designed to stop data breaches while protecting critical infrastructure and making cyber attacks unsuccessful. In this session, Zero Trust Creator, John Kindervag, SVP of Cybersecurity Strategy at ON2IT, will discuss the concept of Zero Trust and explain why Zero Trust is the world’s only true cybersecurity strategy. In 2020, President Biden issued an Executive Order mandating that all US Federal Government Agencies move towards adopting Zero Trust.
Zero Trust is strategically resonant to the highest levels of the business and practically and tactically implementable using commercial off-the-shelf technologies. These 21st-century networks have been adopted by large enterprises and government entities around the world. John will explain how a Zero Trust Network Strategy will achieve tactical and operational goals that make security organizations business enablers, not business inhibitors.
About John Kindervag:
Senior Vice President Cybersecurity Strategy, ON2IT, and ON2IT Global Fellow
John Kindervag joined ON2IT in March of 2021 as Senior Vice President Cybersecurity Strategy and ON2IT Global Fellow.
Previously, John Kindervag was Field CTO at Palo Alto Networks and a Vice President and Principal Analyst at Forrester Research. John is considered one of the world’s foremost cybersecurity experts. He is best known for creating the revolutionary Zero Trust Model of Cybersecurity. In 2021, John was named to the President’s NSTAC Zero Trust Sub-Committee and was a primary author of the NSTAC Zero Trust report being delivered to the President of the United States. Additionally, John was named CISO Magazine’s 2021 Cybersecurity Person of the Year. John has a practitioner background, serving as a security consultant, penetration tester, and security architect. He has been interviewed and published in numerous publications and has also appeared on television networks. He is a frequent speaker at security conferences and events.
|About ON2IT Cybersecurity:|
ON2IT is a global pure-play cybersecurity service provider. We offer worldwide managed cybersecurity services for organizations with complex and dynamic IT infrastructures.
|ON2IT managed services are modular, scalable, cost-effective, and always based on Zero Trust.|
|3 PM Diving into the pillars, meeting with the experts over Coffee and Cake||Use your appointment card to verify a conversation to cover every pillar of Zero Trust|
|ISC2 East Bay Breaks for Cake|
|The coffee break Sponsor is Securonix, who seeded this chapter with a Platinum Sponsorship and is our lifetime partner for all things SIEM.|
Thank you, Jamie!
|Jamie Garrison and Brian Albrecht|
|About Securonix: Securonix Inc (Securonix) is a security intelligence solutions provider. It enables users to detect, track, evaluate, and challenge security threats and risks. The company’s product portfolio includes Securonix Next-Gen SIEM, Securonix UEBA, Securonix SOAR, Securonix NTA, and Securonix Security Data Lake.||Securonix offers solutions such as application security, Securonix for AWS, cloud security monitoring, Securonix for CrowdStrike, cyber threat, data exfiltration, Securonix for EMR applications, fraud prevention, insider threats, Securonix for healthcare, identity analytics, and intelligence, insider threat, Securonix for Office 365, Securonix for Okta, privileged accounts, and Securonix for PTC windchill. Securonix is headquartered in Addison, Texas, the US.|
|Earn .5 CPE for every half hour spent with an ISC2 East Bay Sponsor||Thank you to Oracle for the generous use of your facilities!|
|4 PM Topic: Big Breaches |
This talk covers the key lessons learned and root causes of the biggest mega-breaches and the 9,000+ reported breaches over the past 15 years. By analyzing the histories, stories, and deep dives of breaches such as those at Target, JPMorgan Chase, OPM, Yahoo, Equifax, Facebook, Marriott, and Capital One, as well as the still unfolding SolarWinds hack, Neil Daswani will also lay the groundwork for a roadmap to recovery based on the root causes.
About Neil Daswani:
Neil Daswani is a Co-Director of the Stanford Advanced Security Certification Program. In the past, he has served in a variety of research, development, teaching, and executive roles at Symantec, LifeLock, Twitter, Dasient, Google, NTT DoCoMo USA Labs, Yodlee, and Bellcore.
Neil has been both a security entrepreneur, having co-founded Dasient, which was acquired by Twitter, and a Chief Information Security Officer at LifeLock and at Symantec’s Consumer Business Unit. His DNA is deeply rooted in security research and development: he has dozens of technical articles published in top academic and industry conferences (ACM, IEEE, USENIX, RSA, BlackHat, and OWASP), and he has been granted over a dozen U.S. patents. Neil is also co-author of “Foundations of Security: What Every Programmer Needs To Know” (http://tinyurl.com/33xs6g). He earned Ph.D. and M.S. degrees in Computer Science at Stanford University, and he holds a B.S. in Computer Science with honors with distinction from Columbia University.
Get your copy now so you can have it signed by the author. https://www.amazon.com/Big-Breaches-Cybersecurity-Lessons-Everyone/dp/1484266544
ABOUT THE BOOK
The Capital One breach, the Facebook and Cambridge Analytica Hacks, the Marriott Breach, the Office of Personnel Management breaches, the Yahoo breaches, the Equifax breach, and other breaches we cover in this book are some of the worst, most infamous breaches to date. This book covers the root causes of each of these breaches in addition to over 9,000 other reported breaches to date as well as their financial, social, and political impact.
Learn why people should enter the cybersecurity field and what they can do to help prevent breaches from happening in the future. George Santayana once said, “Those who cannot remember the past are condemned to repeat it.” For those both entering and currently in the field, the first step is to know the biggest breaches of the past, and the next step is to always remember them like the back of their hands to avoid having them repeated.
|5 PM Topic: Z Action Plan and the Regulatory Road Ahead|
This closing conversation is an overview of the CSA Zero Trust Working Group and key resources for accomplishing your Z-Action Plan.
The revamped CSA ZT Research working group aims to help develop and socialize Zero Trust standards and guidance for secure cloud, hybrid, and mobile endpoint environments. This group will have nine distinct workstreams that address specific aspects of an end-to-end ZT architecture and implementation.
- Zero Trust as a Philosophy & Guiding Principle
- Zero Trust Organizational Strategy & Governance
- Pillar: Applications & Workload
- Automation, Orchestration, Visibility & Analytics
- Zero Trust Architecture, Implementation, and Maturity Model
New ZT working group members can sign up at https://csaurl.org/zt-signup.
Link to workgroup charter: Zero Trust Working Group Charter 2022 – Final V1
Each workstream is developing its own mini-charter in its own shared document folder.
Additional CSA ZT Resources:
CSA ZT Resource Hub: https://cloudsecurityalliance.org/zt/resources/
CSA ZT Slack: csa-public.slack.com – #zero-trust-working-group.
Join using this URL: https://csaurl.org/csa-public-slack
Owner EnterpriseGRC Solutions, President, ISC2 East Bay, Certified Information Systems Security (CISSP), Audit (CISA), Governance (CGEIT) and Risk (CRISC-NA), ICT GRC expert and early adopter in both certifying and offering certification programs for Cloud Security and Virtualization, Robin’s industry experience includes the management of systems, controls, and data for SaaS (IaaS and PaaS), Finance, Healthcare, Banking, Education, Defense, and High Tech. Positions held include Technology Officer at State Street Bank, Leading Process Engineering for a major New England CLEC, Sr. Director Enterprise Technology for multiple advisory firms, founding, engineering product, and running two governance software companies, and most recently Director Enterprise Compliance for a major player in the mortgage industry, Ellie Mae. Recently full-time at Cisco, Unified Compliance and ISMS Program Manager, Robin provides voluntary support to social platform security to further social democracy.
|About EnterpriseGRC Solutions:|
EnterpriseGRC Solutions is a Governance Risk and Compliance company specializing in mapping cloud security and cyber security frameworks. We implement governance, ISMS, Risk Frameworks, and compliance automation products and programs. We emphasize system-based policies specific to security settings for secure configuration management.
|EnterpriseGRC is a women-owned small business offering compliance readiness, Security & GRC tools, Enterprise Security Architecture, Cybersecurity Risk Assessment, and a wide variety of resources for security and GRC technology support.|
Erica Cunningham, Maura Jones, Cory Brown, Peter Chen,
|ISC2 East Bay is extremely grateful to Oracle for providing us with the use of their facilities.|
|Big Breaches Book Raffle||Book Signing – Inviting all authors.|
We look forward to seeing you on Friday, March 10th, 2023
Sign in and sponsor breakfast starting at 8 AM, with presentations from 9 AM – 5 PM
Full attendance for registered ISC2 members is 8 CPE. Certificates of attendance may be used with organizations recognizing ISC2 as a resource for professional development. Your end-of-day feedback will secure your personal recognition of attendance.
A Note About DoGood
Our board is constantly solicited for opinions and opportunities. You might ask, who has the time? The answer would be, our President and Recent Past Treasurer, Gary Dylina. Through the company, DoGood, we have been able to raise charitable contributions from numerous cybersecurity-oriented companies. We invite all of our members to explore DoGood and make the time to engage vendors in social good. The reason ISC2 East Bay has operated for so long without asking our members for dues is that our board and our presenters simply do good.