Registration required: April 10, 2025 – 7:00pm – 9:00pm Pacific Time | 2 CPEs
Bylaws Update
We are presenting the revised bylaws of the ISC2 East Bay Chapter for your review and vote. These bylaws are essential as they define our chapter’s purpose, membership guidelines, and operational framework.
Key Enhancements Introduced in Version 2.8:
- Enhanced Board Structure and Officer Roles:
  - The governing body is expanded to a 15-member Board, enabling greater role specialization and efficient management. New positions like Director–Outreach, Director–Career Development, and Past-President are added.
  - Detailed officer duties are provided, ensuring clarity and accountability, particularly for specialized roles like Director-Technology and Conference Chair.
- Refined Membership, Election, and Officer Transition Processes:
  - Membership guidelines are clarified, including activity requirements, record management, and ethical conduct.
  - The election process is formalized with specific timelines and procedures, promoting fair and structured transitions.
  - Rules for officer vacancies, removals, waivers, compensation, and technology transitions are explicitly defined.
- Strengthened Financial and Compliance Framework:
  - Explicit provisions for tax-exempt status, IRS filing requirements, and non-profit restrictions are included, demonstrating a commitment to legal and financial compliance.
- Implementation of a Conflict of Interest Policy:
  - A detailed conflict of interest policy is added, ensuring that board members act in the chapter’s best interests and promote transparency and ethical governance.
- Improved Meeting Procedures:
  - Specific rules regarding meeting attendance and adherence to Robert’s Rules of Order (12th edition) are established.
Session One – The Future of GRC Automation in Cybersecurity: How Automation Will Redefine Compliance
Mike Schreiner from Paramify will talk about how automation is transforming Governance, Risk, and Compliance (GRC), highlighting Paramify as the most efficient solution for simplifying compliance processes. Manual compliance is costly and error-prone. Automation addresses these challenges by streamlining documentation, enabling real-time gap assessments, and reducing human error. Paramify makes risk management accessible to everyone.

Mike is a business leader, entrepreneur, investor, and currently Chief Operating Officer at Paramify – the platform for automating compliance documentation. Paramify takes the process of generating and maintaining security documentation for compliance frameworks (including FedRAMP, CMMC, StateRAMP, SOC2, and more) from months of work down to hours, for a fraction of the cost. Mike has spent his career in startups, helping build and scale companies that solve hard problems – FedRAMP being one of the worst of those. He currently resides in Utah with his wife and four children.
With Paramify, you can:
- Automate SSPs and compliance documentation in days, not months.
- Simplify POA&M management and remediation tracking.
- Maintain up-to-date, future-proof documentation in OSCAL and human-readable formats.
By reducing planning time by 60%, documentation work by 85%, and remediation rounds by 40%, Paramify brings efficiency and joy back to GRC teams.
Compliance powered by tools like Paramify is the future of compliance—faster, smarter, and frustration-free.
Session Two – Find Your API Exploits Before They Do – APIsec
Dan Barahona from APIsec will discuss why attackers are targeting APIs, how they are getting exploited, and what you can do to keep your applications secure.
Dan Barahona is Co-founder of APIsec University, a site with free API security content with 100,000 students. Dan has over 20 years in cybersecurity with leadership positions at Qualys, Anomali, and HP/ArcSight.

APIsec Overview: The APIsec security testing platform discovers the most serious API vulnerabilities that lead to data theft and compromise. APIsec automatically creates and runs thousands of attack playbooks, custom-generated for each unique API, to find security vulnerabilities and data logic flaws BEFORE production. The zero-touch deployment model requires no source code access, no agents, and nothing inline. APIsec runs at the speed of DevOps, immediately alerting security teams and developers to new vulnerabilities in the CI/CD pipeline and ensuring all API code is continuously validated.