December 2022 Chapter Meeting - ISACA and ISSA Holiday CPE Bash

When:  Dec 13, 2022 from 13:00 to 18:00 (MT)
Associated with  Denver Chapter

Sponsored by AuditBoard 

In Person Only event

• December 13, 2022 1-6:30pm
• History Colorado Center
• Free to members of ISACA and ISSA
• Multiple speakers and CPE opportunities
• Complimentary Cocktails and Appetizers


1:00 PM-1:30 PM - Doors Open, Check In, Networking
1:30 PM-2:45 PM - Topic and Speaker 1 - More information coming soon.
3:00 PM-3:50 PM - Topic and Speaker 2 - More coming soon.
4:00 PM-5:00 PM - Topic and Speaker 3 - More coming soon.
5:00 PM-5:30 PM - Speaker Panel and Wrap Up
5:30 PM-6:30 PM - Happy Hour and Networking

Session 1: Treat the SOC as a Service to the Business - Allie Mellen

Twenty years ago, security operations was an ad hoc capability to fill a burgeoning need for security teams. Now, it plays a major role in shaping the security team, establishing trust with customers, and working with the rest of the business. In this talk, we showcase a new model based on five core tenets for how the SOC can operate to best serve the rest of the business and fulfill its ultimate mission: to stop breaches. 

Session 2: Staying Alive: What it means to be Cyber Resilient - Doug Brush

It is not a matter of if, but when, your organization will suffer an incident that impacts the technology supporting your business. How will your organization continue to operate and recover during cyber or other incidents? There is no way to stop all risks to the company, and you must plan for contingency operations.
This presentation will focus on resiliency and provide planning strategies for continuity and recovery. We will discuss what others are doing and what you can do to increase your resilience.
After completing this session the attendee will be able to:
    • Shift program focus from reactive defense to resilience
    • Understand the resilience framework resources available
    • Have insight into the key components of a resilient program

Session 3: Ethics in CyberSecurity - Karen Worstell

Events in 2022 created a disruptive inflection point in cybersecurity. Geopolitical changes dramatically increased the severity of cybercrime against US institutions and enterprises, and a CSO was convicted of obstruction of justice for his part in addressing a ransomware attack against Uber. Another CISO turned whistleblower after his attempts to brief the board on cybersecurity vulnerabilities were thwarted.

It's time to realize that the approach we've been using to risk management, ransomware response, and cyber governance is completely broken. It is taking an unacceptable human toll in terms of moral injury and burnout. It is driving a mountain of regulation that is creating new risks of its own. Our biggest risk is technical debt. Meanwhile, ransomware damage is estimated to exceed $20B in 2022.

This session by cyber strategist and former CISO Karen Worstell will focus on the current state of cybercrime, why the existing models of risk management aren't working for anyone except the criminals, and share the framework used successfully for a major wireless carrier that creates a "build once, comply many" computing environment to minimize exposure to current and future cybercrime.


Allie Mellen, Senior Analyst, Forrester
Allie supports security executives and professionals in building and maturing their threat detection and response strategies. Her coverage includes the people, processes, and technology in security operations. From a technology perspective, this includes security information and event management (SIEM); security user behavior analytics (SUBA); security analytics (SA); security orchestration, automation, and response (SOAR); endpoint detection and response (EDR); and extended detection and response (XDR). Her research focuses on the current state and evolution of ransomware, MITRE ATT&CK, analytics, AI/ML, detection, automation, and response in security.

Allie has been a featured speaker at many leading security conferences, including RSA Conference, Black Hat, HOPE, and others. She has been quoted in top business press outlets including NPR, The Washington Post, The Wall Street Journal, CNN Money, CNBC, and Dark Reading.

Previous Work Experience

Prior to joining Forrester, Allie spent a decade in engineering, research, and technical consulting roles at MIT and several venture-backed startups. In addition to running her own engineering and development consultancy, she has also spent time as a security practitioner, doing hardware security research and working with product and infrastructure security teams.


Allie holds a Bachelor of Science in computer engineering from Boston University.

Doug Brush
Douglas Brush is a Global CISO Advisor for Splunk and an information security executive with over 30 years of entrepreneurship and professional technology experience. He is a globally recognized expert in cybersecurity, incident response, digital forensics, and information governance. In addition to serving as a CISO and leading enterprise security assessments, he has conducted hundreds of investigations involving hacking, data breaches, trade secret theft, employee malfeasance, and various other legal and compliance issues. He also serves as a federally court-appointed Special Master and neutral expert in high-profile litigation matters involving privacy, security, and eDiscovery. He is the founder and host of Cyber Security Interviews, a popular information security podcast. Douglas is also committed to raising awareness about mental health, self-care, neurodiversity, and diversity, equity, and inclusion in the information security industry.

Karen Worstell
Karen Worstell is well known in technology and cybersecurity circles as a serial CISO for iconic brands, advocate for cyberpros, speaker, and author. She got her start in computer security thanks to a software engineering professor who encrypted the final exam.
In her 30+ years of cybersecurity, her experience spans multiple industry verticals in research and engineering, consulting and advisory, and operational roles leading security, Risk Management, Privacy, and BCDR at Bank of America, AT&T Wireless, Microsoft, and Russell Investments, multiple times as CISO. She has served on the security advisory boards for the US Department of Commerce, Aerospace Industries Association, and National Security Telecommunications Advisory Committee. She is active in ISSA and ISACA and is a Distinguished Fellow of the ISSA. Karen frequently appears on media channels speaking about human and technical aspects of cybersecurity and hosts an online program for VMware called "Ask the Howlers."

Today she serves as senior cybersecurity strategist for VMware in the Network and Advanced Security Group where she regularly advises global customers and state and local governments on cybersecurity strategy.

Karen is the author of Your Amazing Itty Bitty Book for Personal Data Protection, Governance and Controls for Cutting Edge IT, the Role of the CISO in the Cybersecurity Handbook, and co-authored Evaluating the Electronic Discovery Capabilities of Outside Law Firms with Jeffry Ritter, JD.

Ms. Worstell lives in Lone Tree, Colorado with her cyberpro husband, Craig, and their Golden Retriever, Rocky Mountain Cody Bear.

She loves to engage, educate, inspire and motivate audiences and clients and has done so all over the world.


History Colorado
1200 N Broadway
Denver, CO 80203


Don Mapes