There will be a eight hours of CPE Sessions, with Lunch/Annual General Meeting/Elections at noon. The Annual Career Advancement Fair will also be held concurrent with the AGM, and during session breaks.
CPE Session 1 (morning 8a:00-12:00p) Data Analytics: A New World Order - Robotics Process Automation (RPA) and Artificial Intelligence (AI)
Presenters: Marios Damianides, Partner, North East Region Cyber Security Leader, EY, and John Russo, Director, Global IT Operations, EY
Summary: RPA is the use of a software ‘robot’ (a program) that replicates the actions of a human being interacting with the user interface of a computer system. Robotics Process Automation can provide advanced solutions to eliminate manual work - especially if used with complementary technologies. Artificial Intelligence (AI) possesses human-scale cognitive performance occurs along five dimensions: see, think, communicate, hear, and learn.
We will explore the definitions and uses of RPA and AI in business and the potential impact on risk management, controls and security. RPA has the opportunity to provide extensive value to companies, and the risk and control experience of internal audit can help highlight the risks from this enabling technology and its potential impacts on the controls environment:
Learning Objectives:
- What are the controls that need to be put in place to proactively protect the company from the access levels and capabilities of bots – how do you securely develop bots?
- With the increased use of RPA, what is the impact on security and controls and what is the role of internal audit, security and controls professionals?
- When considering RPA auditing, testing strategies will need to be modified and the impact on the availability and collection of audit evidence will need to be considered.
- What skillsets will these changes require in our auditors so they can address these risks and build RPA routines of their own?
- How can auditors create their own RPA routines to execute more controls efficiently? We will explore some options and demo some existing uses of RPA to, for example, automate testing.
- What applications exist for use of RPA and in implementing security controls, for example, IAM and analysis of logs for proactive correlation of events?
- Case studies and demos will be included to demonstrate the power of these new techniques.
About the SpeakersMarios Damianides, Partner, North East Region Cyber Security Leader, EY Marios is a Partner in the Advisory practice of EY and North East Region Cyber Security Leader. He has over 30 years of professional services experience leading global teams delivering security, business and large scale IT transformation programs. He has assisted several Fortune 500 clients in implementing agile security programs and architectures as well as broadening their protection and business improvements program.
He specializes in the Media & Entertainment and Technology sectors. He has served clients such as Sony, Disney, Viacom, IPG, Omnicom, Honeywell, McGraw Hill, Siemens, Verizon, Wal-mart and TI. He is also Past Chair of the International Board of the ISACA and IT Governance Institute. He is also a Board Member and Executive Committee member of the Board at the Lighthouse Guide.
John Russo, Director, Global IT Operations, EY John is a leader in IT Services with 27 years of experience at EY across various roles from automation, innovation, strategy, engineering, and support. His notable achievements include:
- Leads our Global IT Operations organization for EY (over 2,200 people) responsible for production IT infrastructure support and EndUser Support.
- Key contributor of team chartered to build the IT Services original organization.
- Global Managing sponsor for the IT Global Operate Model Sourcing and Location strategy resulting in Global Shared Service Centers to optimize IT delivery.
- Drives and leads the Global IT Operations organization comprised of IT Operations Automation and Optimization, Global Help Desk Services, On-Site Support Services, Perimeter Security Operations, Monitoring through Level 2 Infrastructure support, Data Center Infrastructure Management, Messaging & Collaboration platform support, Network Operations and Business Aligned Support teams.
- Co-led the Global End User Services Center of Excellence to achieve successes such as the Global Core Loadset by working together as a virtual team and overcame organizational barriers.
CPE Session 2: TBA
Session 2 (1:00p-2:00p): A Practical Approach to Conducting a Risk Assessment
Summary: Taking a risk-based approach to information security can be a daunting task. This presentation provides a step by step approach to conducting an information security risk assessment using the NIST SP 800-53-rev4 control framework as a foundation.
Learning Objectives:
- Examples and practical techniques will demonstrate how to adequately perform the various activities needed to identify, analyze, prioritize and communicate information security risks to your stakeholders.
- This systematic, programmatic approach to assessing information security risk will allow you to make better investment decisions in order to improve the security of your organization.
Session 3 (2:00p-3:00p): CISOs should use psychology not just technology to increase their influence and effectiveness
Summary: This presentation explains the psychology principles behind real world, practical techniques to develop your influencing skills which will improve your leadership abilities and increase the effectiveness of your cybersecurity program.
Learning Objectives: Cybersecurity professionals can ensure their message is heard across the organization, especially at the executive level, by employing six fundamental psychological principles that direct human behavior:
- Reciprocation,
- Consistency,
- Social Proof,
- Liking,
- Authority, and
- Scarcity
This presentation will provide practical techniques based on these psychological principles to increase the level of CISO influence and effectiveness. Additionally, we will highlight where attackers use these same principles for harm. Finally, real world examples will be shared demonstrating how to proactively arm your boss, leverage strategic peers and foster relationships with the advisors to executives. Leveraging your relationships and empowering others to carry the security message will enable business leaders to make informed decisions and increase the overall reach and effectiveness of your cybersecurity program. Technology alone cannot protect your organization. Learn how to deal with the human element of your environment.
About the Speaker for Sessions 2 &3
Brian Wrozek, Vice President Corporate Security, Risk and Compliance Management and Physical Security
Brian Wrozek is a seasoned cybersecurity executive with 20+ years of experience in IT and information security and management. As vice president of corporate security, risk and compliance management and physical security at Optiv, Wrozek oversees all corporate security functions including cyber operations, incident response, vulnerability management and security governance activities.
Prior to assuming this role, Wrozek was a managing executive director at Optiv who worked closely with security executives to provide c-suite advisory services defining cyber strategy, roadmaps and solutions to meet clients’ security objectives.
Wrozek is a former chief security officer (CSO) for Alliance Data, where he had enterprise responsibility for information security and physical security. Before Alliance Data, he managed all facets of electronic data and system security worldwide as the IT security and privacy director at Texas Instruments.
As an adjunct professor in the Satish and Yasmin Gupta College of Business at the University of Dallas, Wrozek teaches graduate-level cybersecurity courses. He is also a board member for the Texas CISO Council, an Information Sharing and Analysis Organization (ISAO).
Wrozek earned his bachelor’s in computer science from Michigan Technological University and his MBA, with an information assurance certification, from the University of Dallas.
Session 4 (3:00p-5:00p): Ally or Adversary? The three secrets to cultivating professional relationships that work
"Difficult to manage relationships sabotage more business than anything else." - John Kotter, Harvard Business School.
Summary: You cannot be successful in business, or in life, unless you are successful in cultivating winning relationships. This high impact and interactive keynote focuses on the ‘how’ of successful businesses, clarifying the rules of engagement across teams. In organizations where toxic behaviors are ignored, invariably inefficiencies abound, productivity and customer satisfaction decline and costs go up. Business is personal. Relationships do matter. This keynote is based on the bestselling book Cultivate: The Power of Winning Relationships by Morag Barrett
Learning Objectives: Participant Benefits
- Articulate why quality working relationships matter, the business and personal impact
- Apply the Relationship Ecosystem™ to diagnose the health and quality of your professional relationships
- Determine the next steps to develop your Ally relationships and manage Adversarial relationships
About the Speaker
Morag Barrett, CEO & Founder, SkyeTeam
Morag Barrett is the best-selling author of Cultivate: The Power of Winning Relationships and The Future-Proof Workplace. She is also the founder and CEO of SkyeTeam, an international HR consulting and leadership development company.
Originally from the UK Morag's career includes commercial finance, as well as executive and team development across Europe, America and Asia. At last count she has supported the development of more than 8,000 leaders, in 20 countries and on 4 continents.
Morag has been featured in inc.com, business insider, TheStreet.com, American Management Association and is a regular contributor to many publications.
Morag's global experiences result in a rich and challenging learning experience. Morag understands the challenges of running a business as well as the complexities of leading and managing the people that are part of that business.
Who should attend: IT Leaders (CIOs/CTOs/CSOs/CISOs), IT practitioners (Directors and Managers), IT Audit and Security professionals, Internal and External Auditors.
Field of Study: IT Audit & Security managerial knowledge and skills, particularly communication
Instructional delivery method: Group Live
Annual Career Advancement Fair HOST-a-TABLERecruiting Firms, Accounting Firms, Consulting Companies, and Companies who are hiring are all invited to participate. All activities, CPEs, and Lunch are FREE for up to two persons involved in Hosting-a-Table.
We offer one table for two participants (free entry) to network and present their (your Company) brochures and give-aways.
Setup starts around 7 am, same as previous years – this is an all-day event.
Table Hosting is at no cost – it is Free for two per table.
CPE/Educational Credits are earned for attendance to sessions.
To HOST-a-TABLE, please contact: VP Membership at membership@isaca-denver.org
Additionally, you can upgrade to a Sponsorship for the Event! A $500 Sponsorship includes:
Recognition table displays for your support to the organization.
Announcements throughout the event of the support by your company to the organization.
Rolling Thunder PowerPoint Display of your support
Contact: VP Membership at membership@isaca-denver.org to reserve your sponsorship
Agenda 07:00am - 08:00am Networking
07:30am - 8:00am Breakfast
08:00am - 8:10am Chapter Announcements
08:10am - 12:00pm CPE Session
12:00pm - 01:00pm Luncheon and Annual General Meeting (Officer Reports & Elections)
01:00pm - 05:00pm CPE Session (Continued)
past_event