When: January 7, 2026
Where: Online Via Teams / In-person at Metlife Offices, Cary [201 Metlife Way, Cary, NC 27513]
CPEs: Upto 3
Registration: Teams Registration Link
Session 0 - 1200-1300 - Planning the ISACA-RTC Professional Development Agenda for 2026
In-Person Only
As was briefly discussed last meeting, ISACA-RTC will be implementation a professional development session prior to our regular monthly training sessions. The board has some ideas of what we should cover, but we really want to hear from YOU, our members, on what the topics should be. In addition, we would like YOU to speak, as good public speaking skills is one of the areas that employers are looking for. The focus of these sessions will be on career growth and advancement, and things that can help all members move to the next stage of their career goals. If you have any specific topics you want covered, now is the perfect time to let us know, so we can work on incorporating it into our schedule.
Speakers: ISACA-RTC Board Members
Session I - 1300-1430- The API Security Blueprint - From Basics to Advanced Defense
Led by Dr. Baljeet Malhotra, an internationally recognized expert in API Discovery, Security and Governance, this webinar will be focused on understanding and implementing robust API security programs. Participants will start with the foundational principles of API security,
including authentication, authorization, and data protection. The webinar will then progress to advanced strategies, such as securing API gateways, preventing common vulnerabilities like injection attacks, and leveraging tools for monitoring and threat detection
Speaker: Dr. Baljeet Malhotra, Founder & CEO of TeejLab
Session II - 1445-1615- Leveraging the MITRE ATT&CK Framework for Cyber Threat Intelligence
The MITRE ATT&CK framework provides a valuable perspective for understanding how real-world threat actors operate across different industries. By mapping adversary tactics and techniques to organizational environments, IT auditors can develop audit plans that directly address the most relevant risks to their organization. This session will explore how ATT&CK can be used to identify which threat groups target specific sectors, analyze their attack methods, and align effective countermeasures with audit objectives. Attendees will gain practical insights into using ATT&CK as a bridge between cybersecurity operations and IT audit planning, ensuring that audit programs are both meaningful and flexible to adapt to the changing threat landscape.
Speaker: Keith Stouder, CEO, Cytelus, LLC
Keith Stouder is a cybersecurity and privacy professional with nearly 30 years of experience leading organizations through complex risk, compliance, and governance issues. He is the founder and CEO of Cytelus, a virtual CISO and strategic cybersecurity advisory firm.
Keith has served as VP, Data Privacy and Protection Officer at ACT, where he developed enterprise programs focused on privacy, security, and AI governance. Previously, he led privacy and IT risk management at Duke University. Earlier in his career, he managed enterprise architecture and product innovation at BlueCross BlueShield of North Carolina, creating an award-winning third-party risk intelligence tool. Keith’s work has included board-level advice, privacy program development, regulatory compliance, risk assessment and analysis, third-party risk management, and hands-on implementation of security technologies. He is passionate about helping organizations align business priorities with robust privacy and security practices, bringing both technical expertise and strategic vision to every role.