Presenters: Trip Hillman (Weaver) & Becky Goza (GoldSRD)
Trip Hillman Session Overview: Cybersecurity - Internal Audit Risks Through the Eyes of a Pentester
Overview: Does your organization take the same approach to cybersecurity audits as it does to penetration tests? Cybersecurity audits are often too broad for the time and resources allotted, and while issues are identified, the procedures may not uncover where the real risk lies. In this session we'll discuss how cybersecurity audit plans have traditionally been assembled and examine methods and actionable steps you can consider for reprioritizing how you look into your environment for cybersecurity concerns.
- Understanding of MITRE ATT&CK
- Methods for updating Cybersecurity Audit Plans based on real-world risk
- Inventory of informative artifacts that may already exist within your environment
Trip Hillman, CISSP, CISA, CEH, GPEN, GCFE, GSNA, has more than a decade of hands-on experience evaluating cybersecurity in a broad range of IT environments. He has consulted with Fortune 100 companies, private equity groups, small enterprises and government entities alike on security and compliance, and has performed and led over 200 substantial assessments across hundreds of unique IT environments. He also performs cyber risk assessments, cybersecurity compliance assessments, vulnerability assessments and penetration tests to help companies improve their cybersecurity posture.
This hands-on experience — combined with ongoing education and active memberships in ISC2, IIA, ISACA and the Cloud Security Alliance — keeps Trip at the forefront of best practices, leading frameworks (including COBIT, NIST-CSF, CIS 20 CSC, ISO 27001) and regulatory requirements (including Sarbanes-Oxley and PCI).
Highly respected in his field, Trip teaches security auditing classes across the nation for the SANS Institute, the leading research and education organization for security professionals. His numerous certifications include Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), GIAC Systems and Network Auditor (GSNA), GIAC Certified Penetration Tester (GPEN), GIAC Certified Forensic Examiner (GCFE), GIAC Certified Windows Security Administrator (GCWN), and the Certificate of Cloud Security Knowledge (CCSK). He earned a Bachelor of Business Administration in management information systems from Baylor University.
Becky Goza Session Overview: Cybersecurity for Auditors
Overview: Cybersecurity is the highest risk and at the top of the minds of C-suite members at every company. This course will provide a practitioner's viewpoint for both audit and cybersecurity professionals. Beginning with the underlying fundamentals of cybersecurity, then going step by step through the primary focus areas, risk prioritization and key audit steps, this is a course for any auditor wanting to learn how to address cybersecurity as a key audit risk.
- Select & implement a cybersecurity framework
- Audit against a cybersecurity framework
- Develop a prioritized remediation plan
- Audit cybersecurity maturity
Rebecca "Becky" Goza serves in the Chief Information Security Officer role as Senior Manager of Information Security for Love's Travel Stops and Country Stores. Prior to joining Love's, Becky served as the American Cancer Society's Vice President of Internal Audit for sixteen years. Under Becky's direction, the American Cancer Society's Internal Audit department received the prestigious Institute of Internal Auditors' Recognition of Commitment (ROC) Award.
Becky has over 25 years' experience as an Internal Audit and Information Technology professional with strong expertise in IT management, IT security management, IT enterprise architecture and IT audit, as well as financial, operational and compliance auditing. Becky holds the Certified Information Systems Auditor (CISA), Certified Internal Auditor (CIA), Certified Fraud Examiner (CFE), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC) and Payment Card Industry Professional (PCIP) certifications, and has a Doctor of Business Administration in Accounting.
For ISACA Members: Click on the link below and when registering on the IIA registration site, be sure to register as a "member"!