Cost: Free
CPE: 2
Topic: This webinar will include an Azure Overview, Audit Approach, Additional Audit Considerations (e.g.Azure Security Center, Networking and Virtual Machines, Azure Active Directory, Database Services). An Azure scripting demo and checklist of items to review will be included.
Speakers: Kari Zahar, CISA, CIPP and Kris Wall, OSCP, CISSP, CCSP
Kari is a Senior Manager with Stinnett and is based in San Antonio. She has over fourteen years of accounting and audit experience, including internal audit, external audit, IT auditing, and Sarbanes-Oxley.
Prior to joining Stinnett, Kari was a Senior Manager with Ernst & Young and worked in the IT Risk and Assurance, Advisory, Internal Audit co-sourcing, and External Audit service areas. Her internal audit experience includes developing annual audit plans and completing the full lifecycle of audits.
While co-sourcing internal audit with a Fortune 100 company, Kari was responsible for scoping, conducting planning interviews, developing risk and control matrices and associated testing programs, executing on-site fieldwork, creating audit reports, and tracking noted issues through resolution.
Kari’s external audit experience encompasses a variety of external reviews of audit clients. She facilitated project teaming for reviews of IT general controls, application controls, and other IT operational controls in support of financial auditing. She performed and executed third-party attestation projects (SSAE 16, ISAE 3402) in the financial services, high tech, and entertainment industries. Kari has Sarbanes-Oxley project experience through her prior advisory services role, including evaluating adherence to the corporate IT security policy through reviews of account termination procedures, password strength, configuration and change management, disaster recovery planning and testing, desktop security policy compliance, and security awareness programs.
Additionally, Kari has performed Oracle Financials and SAP general controls reviews focusing on application security, change control procedures, and logical access controls. She has also performed operating system and/or database security reviews of UNIX, Oracle, and SQL Server for multiple clients.
Kari holds a Master of Business Administration degree with a concentration in Management Information Systems and a Master of Science degree in Management Science from the University of Alabama, and a Bachelor of Science degree in Accounting from Sam Houston State University. Kari has earned the Certified Information Systems Auditor and Certified Information Privacy Professional certifications.
Kris is a Security Specialist with Stinnett & Associates. He is based in Oklahoma City and has more than 15 years of experience as an IT and security consultant. Kris is passionate about application security and regularly gives offensive and defensive talks at information security conferences, including BSidesOK and the Federal Bureau of Investigation’s Information Warfare Summit.
Prior to joining Stinnett, Kris served as a Senior Consultant & Lead Penetration Tester for Rural Sourcing with responsibilities for recruiting, training, and leading a new penetration testing department. Additionally, he provided training in the areas of web application security testing and secure development practices.
Kris’s former positions include serving as a Security Consultant & Penetration Tester for True Digital Security, performing such duties as application code review, application penetration tests, network penetration tests, physical assessments, vulnerability and risk assessments, policy writing, incident response and digital forensics, and security program development.
Kris is an Offensive Security Certified Professional (OSCP), an ISC2 Certified Information Systems Security Professional (CISSP), and an ISC2 Certified Cloud Security Practitioner (CCSP). Kris has also obtained CompTIA certification for Pentest+, Security+, A+, Network+, and is a Certified AWS Cloud Practitioner. He is a member of the Institute of Internal Auditors (IIA), InfraGard, the Information Systems Audit and Control Association (ISACA), and the Information Systems Security Association (ISSA.)
This webinar is sponsored by Stinnett Associates
