Spring Conference

Starts:  Apr 29, 2019 8:00 AM (PT)
Ends:  Apr 30, 2019 5:00 PM (PT)


The ISACA 50th anniversary logo is the trademark of the Information Systems Audit and Control Association, Inc. (ISACA), registered in the United States and other countries. www.isaca.org

In an increasingly interconnected world, true innovation makes an impact globally as well as locally. ISACA’s global network of individual professionals, volunteers and enterprises provide that expansive force, innovating and advancing the positive potential of technology within that interconnected present and future. The story is simple—from a single chapter in Los Angeles to a global network of chapters covering every corner of the earth, ISACA extends and achieves global reach and relevance.

While ISACA International celebrates its 50th anniversary, your local Puget Sound chapter is celebrating its 40th in 2019! To support the mission of sharing, connecting and growing, we are pleased to invite you to join us on April 29-30 for the two-day spring conference. We are excited to have the dynamic Steve Brown, better known as The Bald Futurist, to kick off the conference!

With the announcement of COBIT 2019, we are excited to be one of the first chapters to offer two sessions where you can learn in-depth practical applications such as Implementing the NIST Cybersecurity Framework using COBIT 2019 and Applying Risk Governance and Risk Management with COBIT 2019. In addition, Mark Thomas will review the changes from COBIT 5 to the new 2019 framework. We welcome back Trey Blalock for a special technical session to review Threat Modeling and Reconnaissance tools.

We couldn’t have put together such a great offering without the support of our sponsor KPMG, which is providing its beautiful auditorium in downtown Seattle. Please see the course descriptions for additional talks and speaker bios.

Register Now – Space is limited to 100 people and, at this price, will sell out quickly!

Walk-ins not permitted

Location: KPMG 1918 8th Ave, Seattle WA 98101
Earn 14 CPE Hours

Continental Breakfast, Lunch, Snack, and Beverages included

$250 ISACA Members

$375 Non-Members



  • $135 Annual International Dues
  • $35 Annual dues for local chapter (Puget Sound 035)
  • New members - $10 one-time registration fee

To Register - go to ISACA.org

Day 1 - Monday, April 29, 2019 8:00 am – 4:30 pm

Registration opens at 8:00 am – Conference starts at 9:00 am

Continental breakfast & lunch provided each day


Opening Keynote by Steve Brown

  • Going Digital: Building your Strategic Roadmap for the Next Wave of Digital
  • AI For Business

What your auditing process is missing by not including threat modeling and reconnaissance techniques. Presented by Trey Blalock


Breakout Session 1: Applying Risk Governance and Risk Management with COBIT 2019 Presented by Mark Thomas


Breakout Session 2: Threat Modeling and Reconnaissance Techniques

Presented by Trey Blalock (Technical session - limited to 30 people)

Day 2 - Tuesday, April 30, 2019 8:30 am – 5:00 pm

All day in-depth session Presented by Mark Thomas

Implementing the NIST Cybersecurity Framework using COBIT 2019

Plus, a special hour presentation by our sponsor KPMG, Fighting Cyber with Cyber.

Presented by Swarnika Mehta & Andi Cescolini

Presentation Topics
Day 1 - Monday, April 29, 2019

Going Digital: Building your Strategic Roadmap for the Next Wave of Digital

Presented by Steve Brown

The digital revolution has already transformed almost every business. The next wave of digital transformation will be radical and even more exciting than the last. Modern companies all now use word processing, databases, spreadsheets, email, CRM, ERP and so on; they sell their products online and have adopted mobile and cloud computing strategies. A new wave of technologies will enable businesses to integrate the physical parts of their business even more intimately with the digital world, using sensors, analytics, artificial intelligence, robotics, augmented reality, and 5G networking.

In this talk, futurist Steve Brown presents a fast-paced, fun exploration of what it will mean to “Go digital” in the next decade. The audience will explore examples from a wide range of industries and understand the business and technology strategies they will need to navigate the road ahead, to create new value for customers, and to stay ahead of the competition. Every company needs to write the next chapter of their digital transformation strategy as quickly as they can. This talk may be your first step on that important journey.

Artificial Intelligence for Business

Presented by Steve Brown

How mechanical minds will reshape every business, including yours. The news is filled with stories of how artificial intelligence (AI) will reshape our lives. Over the last forty years, digital computers have transformed every business. We now take word processing, spreadsheets, databases, computer control, CRM, ERP, the Internet, cloud computing, and many more IT business capabilities for granted. Artificial intelligence is the second major wave of computing. AI can solve a whole new set of problems that were either extremely difficult or impossible for traditional digital computers. Businesses can use AI to create new value, increase efficiency, optimize operations, boost customer service and to amplify the efforts of their human labor force with a huge new wave of AI-enabled automation. One of the leading minds in AI, Andrew Ng, has said that “just as electricity transformed almost everything 100 years ago, today I actually have a hard time thinking of an industry that I don’t think AI will transform in the next several years.”

In this talk, futurist Steve Brown uses compelling visuals, videos, and stories from a wide range of industries to explain what AI is, to demonstrate its capabilities (both current and projected), and then to explore automation philosophies for the AI era. This is a “must-see” talk for anyone in business today.

What your auditing process is missing by not including threat modeling and reconnaissance techniques.

Presented by Trey Blalock

This is a high-level talk to demonstrate how teams can leverage components of threat modeling and reconnaissance to locate items which could be missed from any type of audit process.

This talk will provide participants with new approaches to ensuring that their assessments are scoped correctly and help them detect potential issues. Additionally, this talk will provide information which can help your organization reduce legal threats. This talk will likely transform the way participants view security and assessments.

Leveraging reconnaissance techniques to find compliance gaps, prevent data leakage and protect your organization's assets.

Presented by Trey Blalock

Enjoyed Trey’s first presentation? This talk takes the subject to a technical level and walks participants through dozens of tools and techniques to quickly find data in interesting ways about their organization or possibly their entire supply chain. Although this is a more technical talk, it’s fast-paced, fun, and accessible to anyone who has an interest in learning more about security or how to leverage these techniques in their organization.

This talk will provide participants with knowledge of dozens of new tools and techniques that they can use to assess and secure their environments. Participants will walk away with a much stronger skill set for conducting assessments and be much more knowledgeable about what is possible to do from a reconnaissance perspective.

Note – this is a small breakout session limited to 30 attendees; sign up quickly to secure your place for this in-depth technical session.

Applying Risk Governance and Risk Management with COBIT 2019

Presented by Mark Thomas

In today’s highly digitized and aggressive business landscape, the difference between a successful organization and an unsuccessful one is how it governs and manages risk.

There are countless standards, documents, bodies of knowledge and methods in our industry that have their own twist on handling risk, but many organizations don’t realize that there is a single framework that encompasses aspects of governing and managing risk. That framework is COBIT 2019.

During this presentation, we will explore the dynamic world of governing and managing risk, in particular using COBIT 2019 as a framework integrator to the multitude of standards and frameworks out there, as well as dive deep into practices and activities that should be core ingredients to your risk process by using real-world examples.


  • Understand the application of risk practices and activities and how they are being used today with respect to digital transformation.
  • Select and prioritize scenarios to create a risk register that can be used in multiple enterprise environments.
  • Link the risk process to industry standards and frameworks to create appropriate and applicable controls.
  • Provide guidance on risk assessments that enable stakeholders to consider the cost of mitigation and the required resources against loss exposure.

General Outline:

  1. Standards and Frameworks Ecosystem
  2. Risk Governance and Management Essentials
  3. COBIT and Risk Primer
  4. Industry Guidance on Risk
  5. Risk in a digital environment
  6. Practical Scenario Crosswalk
  7. Closing and questions

Day 2 - Tuesday, April 30, 2019

Implementing the NIST Cybersecurity Framework using COBIT 2019

Presented by Mark Thomas

Cybersecurity has become a top priority for most companies. Today, the NIST cybersecurity framework (CSF) is one of the top bodies of knowledge to assist organizations in the creation of a cybersecurity framework that is relevant and appropriate. Coupling the NIST CSF and COBIT frameworks as a tool to integrate cybersecurity into the overall governance structure increases stakeholder value significantly.

The NIST cybersecurity framework and COBIT are commonly known frameworks that help organizations create a sustainable cybersecurity program.  This workshop is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps, and the ability to apply this information. In addition to learning the core concepts and implementation essentials, this class is full of practical examples, tricks, tips and advice.  


  • Understand the goals of the NIST Cybersecurity Framework (CSF).
  • Know and discuss the content of the CSF and what it means to align it with COBIT.
  • Recognize the seven CSF implementation steps.
  • Be able to apply and evaluate the implementation steps using COBIT.

General Outline:

  1. Introduction and Objectives
  2. COBIT Review
  3. CSF Structure
  4. Implementation Phases
  5. Practical Example of a CSF Implementation
  6. Closing and Questions

Fighting Cyber with Cyber

Presented by Swarnika Mehta & Andi Cescolini

Researchers have long pondered the ever-proliferating amount of information with which we are bombarded and how we can efficiently manage, store, understand and utilize it. Innovation and a host of others have created a new risk matrix placing greater priority on deterrence and protection. Unfortunately, most legacy IT infrastructure was not designed to meet the demands of this new environment, and many companies are struggling to adapt not just in terms of architecture but also security controls and policies. In this session, we will provide a forward-looking approach on how deep learning threats can be combated using deep learning solutions.


Steve Brown

CEO, Possibility and Purpose, LLC


Steve Brown is an accomplished speaker, author, strategist, and executive coach. He is the former futurist and chief evangelist at Intel Corporation.

Using his 30 years of experience in high tech spanning research, planning, engineering, marketing, manufacturing, and management, Steve helps companies to understand the possibilities of the future and then build winning business strategies designed to create new value, delight customers, and optimize operations. He speaks about how continued advances in computing will intersect business, cultural and human trends to create both new opportunities and new challenges.

Steve has been featured on BBC, CNN, Bloomberg TV, ABC News, Wired, WSJ:Digits, CBS, and many other media outlets. His new book, Hacking Reality, will be published later this year.


Steve will present:

Going Digital: Building your Strategic Roadmap for the Next Wave of Digital

Artificial Intelligence for Business

Trey Blalock

Owner of Verification Labs

GIAC-GWAPT, GIAC-GPEN, GIAC-CGFA, CRISC, CISA, CISM, CISSP, SSCP, NSA-IAM

Trey Blalock is an independent Internet security specialist and security researcher who provides custom security solutions to some of the largest companies, governments, and organizations in the world. He used to manage global security operations for the world’s largest financial transaction hub, has served as a forensic expert witness for the US Department of Justice on several high-profile cases such as “Donald Vance vs. Donald Rumsfeld” and has trained numerous Fortune 100 companies, consulting firms, and federal agencies such as the FBI, NSA, and DIA on network and system security.

Trey will present:

What your auditing process is missing by not including threat modeling and reconnaissance techniques.

Leveraging reconnaissance techniques to find compliance gaps, prevent data leakage and protect your organization's assets. (In-depth technical session, limited to 30 participants)

Mark Thomas


IT GRC and digital transformation expert

Mark is an internationally known Governance, Risk and Compliance expert specializing in information assurance, IT risk, IT strategy, service management and digital transformation. As a former Army officer with over 28 years of professional experience, Mark has a wide array of industry experience including government, health care, finance/banking, manufacturing, and technology services. He has held roles spanning from CIO to IT consulting and is considered a thought leader in frameworks such as COBIT, NIST, ITIL and multiple ISO standards. Mark routinely speaks at US and international conferences and earned the ISACA John Kuyers Award twice for Best Speaker/Conference Contributor of the year. Mark also holds the CGEIT (Certified in the Governance of Enterprise IT) and CRISC (Certified in Risk and Information Systems Control) certifications.

Mark will present:

Applying Risk Governance and Risk Management with COBIT 2019

Implementing the NIST Cybersecurity Framework using COBIT 2019  


Swarnika Mehta

Director, KPMG

Swarnika is a Director in KPMG’s Cyber practice and a frequent speaker at global information security and governance, risk and compliance industry events. She leads Cyber Security, Risk and Compliance (GRC) related business transformation initiatives for technology and telecommunication industries in the PNW. She has over 8 years of risk consulting experience and has a strong background in cyber security strategy and transformation, cloud security and compliance, risk management, and certification and accreditation (C&A). She was recognized by the US Consulting Magazine as the Top 35 under 35 Rising Stars of the Profession, for long-term commitment to excellence.

Swarnika will present:

Fighting Cyber with Cyber



Andi Cescolini

Senior Associate, KPMG

Andi is a Senior Associate at KPMG’s Advisory Cyber Security practice. She has over five years of experience in information systems with a focus in security, risk, and compliance.  Through her time with KPMG, she has served as a trusted advisor to leading telecommunications and technology organizations by helping them define, mature and scale their cyber security and Governance, Risk and Compliance (GRC) processes. Andi has been involved in highly impactful business transformation initiatives in the area of information security and risk management, third party risk and internal audit management. She holds a degree in Computer Science from the University of Notre Dame.

Andi will present:

Fighting Cyber with Cyber