Security and Privacy Entrepreneurs

November 8th, 2019 – Security and Privacy Entrepreneurs

Venue: SABA Software 4120 Dublin Blvd. Amenity Hub Dublin, CA 94568
ISC2 East Bay Nov 8th, 2019 Conference Flyer
What are we doing? Who are we serving? Are we world collaborators? Are we Ninja Destroyers?
Pricing – There is no early bird, there’s just kindness
The event was a tremendous success because of all of you. We look forward to seeing everyone in January. Have a safe and loving holiday season. 
Breakfast – Welcome – 8:45 – 9:15 AM
Chapter Mission + Brother and Sister Organizations and the Industry Mission – Guest ISC2 SV, ISSA, CSA, ISACA About your Board and Committee: About Our Breakfast Sponsors:
         
Session 1: 9:15 AM
Meet Ali Bouhouch
Responsibility in the Cyber/Cognitive Era Chairman Of The Board at The Good Data Factory Security and Privacy Entrepreneurs Nov 8 2019
Session Description: Humanity is entering an exciting era where technological advancements have made it possible for us not only to change how information is processed but how information changes how we think and behave as conscientious independent and social actors. With these newfound powers comes the awesome responsibility, as creators and consumers, to properly reframe our mindsets, develop new skills and deploy modern tools that continue to serve humanity in harmony with our environment. About your speaker: chairman of the board at the good data factory, recent CTO & VP of enterprise architecture at Sephora, Ali Bouhouch is a transformational technology executive with over 20 years of success in leading consulting, software and data engineering teams and delivering cutting-edge solutions in e-commerce, client experience, and advanced analytics. Ali has deep experience in leveraging emerging technologies like cloud, big data, in-memory, and cognitive computing to drive success throughout the customer journey in digital marketing and retail. Prior to joining Sephora, Ali was at grid dynamics where he led a globally distributed team serving the technology needs of leading retailers like Macy’s, kohls and American Eagle Outfitters. Before that Ali held leadership positions at Forrester, Tibco, and WIPRO. Ali has been a valuable member of the senior executive team at small silicon valley startups as well as global enterprises. Ali holds a bs degree in electrical engineering from San Diego state university and an MS Degree in computer science from Arizona State University. About your speaker: Chairman Of The Board at The Good Data Factory, recent CTO & VP OF ENTERPRISE ARCHITECTURE AT SEPHORA, Ali Bouhouch is a transformational technology executive with over 20 years of success in leading consulting, software and data engineering teams and delivering cutting-edge solutions in e-Commerce, Client Experience, and Advanced Analytics. Ali has deep experience in leveraging emerging technologies like Cloud, Big Data, In-Memory and Cognitive Computing to drive success throughout the customer journey in digital marketing and retail.  Prior to joining Sephora, Ali was at Grid Dynamics where he led a globally distributed team serving the technology needs of leading retailers like Macy’s, Kohls and American Eagle Outfitters. Before that Ali held leadership positions at Forrester, TIBCO and WIPRO. Ali has been a valuable member of the senior executive team at small Silicon Valley startups as well as global enterprises.  Ali holds a BS degree in Electrical Engineering from San Diego State University and an MS degree in Computer Science from Arizona State University.

About The Good Data Factory: In a world drowning in data and starved for information and actionable insight, The Good Data Factory steps in to fill ever-increasing skills and capability gap. We serve as a strategic data science partner to our clients, from startups to large corporations, either having an in-house team of data analytics or not, and we help them to effectively shape their business strategies and create a sustainable competitive advantage in the digital and experience economy. Our team of Data Engineers and Data Scientists bring a disciplined approach to the treatment of data throughout the Data Science pipeline. They ensure data is available in a purpose-fit format and quality at every stage of the Data Science lifecycle without compromising the integrity of the original raw data corpus. Our Data Scientists are Mathematically grounded with PhDs and Post-Doctoral on-going research in Abstract and Applied Mathematics. They are skilled in multiple modeling approaches and capable of understanding a problem domain, characterize its dimensions of complexity, project it into the appropriate solution space to reduce complexity and surface latent or hidden attributes and patterns leading to simpler and better performing algorithms than the usual brute force approach. We are working with clients from varying industries including Retail, Digital Marketing, Banking, Insurance, and Energy. Give us your most challenging Data, Analytics or Data Science problem and let us show you a different way of solving it effectively and efficiently.
Session 2: 10:00 AM

Meet Doug Meier
Slipping Behind the Curve of Reality   Doug Meier, National Director of Information Security & Data Governance Slipping the Curve of Reality

Session Description: Session Description: Why you shouldn’t be building a security program – because you’re just going to do it the wrong way
Detail: Modern Security programs are built with the best of intentions, addressing immediate concerns and focusing on short-term tactical needs to protect and secure the business. While this all-too-common strategy produces positive benefits in the short-term and can establish a security ethic into the organizational mindset, it sacrifices long-term vision and scope. This commonly accepted, ad hoc approach is a major contributing factor in why the average tenure of a security professional is between 18 months and two years. We come in and solve some problems, but we tend to wear out our welcome and don’t stick around very long. There are reasons for this that we don’t like to consider. One is that security programs are too focused on issues du jour and not focused enough on the hard work of continually aligning security program objectives to the organization’s strategic objectives. Another reason is that we tend to believe our own hype — that is, cling to the tired security program dogmas of 10 and 20 years ago. Until we confront our own assumptions and failings, we will continue, as a profession,  to slip further behind the curve of reality. In this session, Doug identifies how we need to challenge fundamental assumptions and re-prioritize our efforts accordingly to contribute meaningfully and consistently to the success of the organization over time.
Your perception of what it takes to build a security program is probably incorrect
Session 3: 11:00 AM
Meet Fred Bret-Mounet 
Topic: Running effective Identity & Access in a Start-Up World   IAM Strategy
Session Description: Managing IAM in a startup world through automation Appropriate Identity and Access Management in the corporate world is a critical function to ensure one’s security posture. You don’t need to spend millions to get it right! You don’t need to have resources dedicated to managing it!
This talk will focus on how through automation, crowdsourcing, and simple processes, one can ensure your employees only have the access they need. For example:
– our quarterly employee access review takes 5 minutes.
– terminated employees lose access within 5 minutes of leaving the premises.
– provisioning of new employees is mostly automated based on role mappings. You can do all this without breaking the bank and have time to focus on the bigger problems! At the end of the day, humans are humans… they are unreliable! If you have regulatory or compliance requirements around IAM, you have no choice: you need to automate.
About your speaker: “It all started with early e-commerce sites storing item prices client-side!
A tinkerer from an early age and the constant need to feed my curiosity have been critical skills to my Information Security career.
With strong technical skills that I keep current and some amount of business acumen, I realized early that my role was not to build mini Fort Knox everywhere I went but instead teach people new skills: I am an evangelist helping organizations understand enough about the risk dimension associated to security and privacy – just as we understand financial, brand or contractual/legal dimensions in our daily activities.
I am also an enforcer! Not the one that carries a weapon – instead, I keep us honest by providing a platform for self-policing. “
Session 4: Luncheon
Private tables and appointments during afternoon sessions – sign-ups during open lunch – CPE’s for follow up
Session 5: 1:00 PM
Meet Eric Heitzman
Closing the gaps between Security Policy and Execution   Eric Heitzman, Director of Business Development
Session Description: When it comes to software development, most organizations have established some high level “security best practices” and identified some compliance guidelines for how their applications should be implemented. Unfortunately, everyone struggles with translating from these high-level requirements into actionable guidance that engineering teams can use to implement their applications. Join us to learn how a new approach – a “Policy to Execution” platform – can help you centralize, streamline, and scale your software security program.   About Your Speaker: Eric Heitzman, Director of Business Development
Eric helps Security Compass’s largest customers (in finance, technology, health, oil & gas) address Security, Privacy, and Compliance for software applications at scale. Eric is a career application security expert (security consulting, static analysis, and dynamic analysis).
About Security Compass: Security Compass is a software security company that offers professional advisory services, training, and SD Elements, a first-of-its-kind “policy to execution” platform. We help to eliminate security vulnerabilities in mission-critical applications so that regulatory and compliance standards are easily met.
Session 6: Postponed to March event, we’re sorry Michelle was held up in flight.
Session 7: 2:00 PM
 Meet Ron Herardian
The Legitimate use of Blockchain for Security and Privacy   Basil Slides for ISC2 Fall Conference
Session Description: Blockchain is the most hyped technology in recent years. There is no industry that will not, allegedly, be disrupted or revolutionized by digital ledger technology, cryptocurrency, asset tokenization, or Smart Contracts. Cybersecurity and regulatory technology are no exception, but are there legitimate commercial applications? Is it just hype? Or is blockchain technology something that will actually be useful for information security professionals, and for governance, risk and compliance professionals?  What are the use cases? How do we get there from here? About your speaker: Ron Herardian has a 20-year track record of success in enterprise software as a founder, investor, board member and advisor serving in multiple engineering, consulting and CxO roles. In his last role, Mr. Herardian was responsible for operations including DevOps and InfoSec, including SOC 2 and GDPR compliance.  Ron Herardian has a 20-year track record of success in enterprise software as a founder, investor, board member and advisor serving in multiple engineering, consulting and CxO roles. In his last role, Mr. Herardian was responsible for operations including DevOps and InfoSec, including SOC 2 and GDPR compliance. Mr. Herardian, who has worked for IBM Lotus, Cisco and Oracle in the past, is a graduate of Stanford University, a member of the Institute for Electrical and Electronic Engineers (IEEE) and a Senior Member of the Association of Computing Machinery (ACM). He is a speaker at conferences and events, as well as a published author who has co-authored a book and written many whitepapers and articles. About Basil: Basil is a revolutionary new DevSecOps framework that prevents security and operational mistakes, as well as malicious insider actions; a secure middleware layer that performs code execution or data access on behalf of human or machine users. Users are defined, and security rules are stored on the blockchain. User actions are digitally signed, so that rule changes, approvals, and other actions are recorded on the blockchain. As a result, Basil creates a chain of integrity through the CI/CD pipeline.
Networking 4:00 to 4:30 Cake Break
Session 8: 4:30 PM – 5:30
Meet Johanna Lyman (pronouns she, her)
Why Culture Matters   Brave Cultures 4 keys

Session Description: if you have a business culture that is not psychologically safe for all types of people, you have a culture of mistrust. In a culture of mistrust, people- especially marginalized people- will withhold information, avoid admitting mistakes, and be generally disengaged in ways that can dramatically reduce their efficacy. If disengaged employees are dealing with matters of Security and Privacy, a LOT can go wrong. Homogenous leadership leads to biases- many of them unconscious- that can cause your company to be susceptible to security breaches caused by social engineering. An essential element for creating a culture of trust and psychological safety is to ensure that the Leadership team is diverse and inclusive.  NextGen Orgs: We help companies build Brave Cultures(TM): Mission Driven. Embrace Failure. Radically Inclusive. Speaks about Conscious Capitalism
Scholarship Winners
 James Logan Robotics Club, Olin College
Constantly DoGood
 Thank you to board members who donate their time to raise scholarship money through DoGood
Sponsors Welcome
 
netskope
About ISC2
Your friends and colleagues at (ISC)2 East Bay Chapter chapter can’t wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom, such events would not be possible. Providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our presentations, and assisting in the overall quality management of each Conference, we acknowledge Dan Green, Ed Glover, Maura Jones, Rizwan Ashraf, Peter Chen, as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our chapter. Your support is greatly appreciated. Sincerely, Robin Basham, Conference Director, and Chapter President. President Robin Basham Vice President  Istvan Berko Treasurer and Finance Director Gary Dylina Chapter Secretary Carmen Parrish Director Membership  Kerry Bryan Director Programs Dan Green Director Operations Rizwan Ashraf Director Technical Steven Lai Director Marketing & Communication Krishnan Thiruvengadam Director Cybersecurity Awareness Maura Jones Director of Education & Career Development Jing Zhang-Lee Conference Director Robin Basham We’d like to especially thank Jason Hoffman and Rizwan Ashraf for arranging our sponsorship at Saba Software