SlideShare a Scribd company logo
August 23rd & 24th - Santa Clara, California
This event counts towards 14 hours of Continuing Professional Education
14 CPEs
ISACA SILICON VALLEY
2012 Summer Conference
Enabling Trust: Business In the Cloud
Schedule August 23rd 3
Schedule August 24th 4
Day 1 Sessions and Bios 5
Day 2 Sessions and Bios 9
Sponsors 15
From the ISACA SV Board 16
About Our Committee 17
Venue Information 18
Academic Relations 18
Conference BrochureCloud Business Track- What Business has done to
Enable our Trust
Auditing Track- How Cloud Affects Audit Methods to
Ensure & Assess
Cutting Edge Business, Audit & Technology Topics
14 Sessions by Notable Industry Experts
Thursday Night Networking Reception
Sponsor Exhibits and Raffles
http://www.isaca-sv.org
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 2
Program Day One -Thursday, 23 August 2012
Time Event / Topic Speaker
8:00 AM Registration, Networking & Coffee,
8:45 AM Welcome Message from the ISACA SV President and
The ISACA SV Board
Sumit Kalra, Robin Basham
The ISACA Board
9:00 AM Keynote:
Session 1-1: Our Responsibility in the New Cloud Economy
Wolfgang Kandek
CTO - Qualys, Inc.
9:30 AM Session 1-2 : The Boundaries of Business When Your Business
is SaaS. How to Design Software Users Love
(Kevin Hale is the Founder of WuFoo, recently acquired by Sur-
vey Monkey.)
Kevin Hale
Sr Product Manager
SurveyMonkey
10:30 AM Session 1-3 : Building And Maintaining Trust In An Increasingly
Social And Mobile Environment
Bill Ender
Director, Consulting
Practice - EMC Consulting
11:30 AM Lunch and Networking - Enjoy time with Conference Sponsors
12:30 PM Session 1-4: Rethinking Web-Application architecture for the
Cloud
Arshad Noor
CTO - StrongAuth, Inc.
1:30 PM Session 1-5: Intelligent Operations, Leveraging Cloud &
Virtualization - Setting The Right Operational Targets
David Robbins
CIO - Ellie Mae, Inc.
2:30 PM Session 1-6: Business Risk Intelligence - Information Security
Management, Risk Management, and Industry
Compliance Initiatives - how do you keep it all straight
Gordon Shevlin
CEO - Allgress
Chris Armstrong,
CISO - Allgress
3:30 PM Break
3:45 PM Session 1-7: Executive Panel Discussion - Moderator: Eric Tan, PwC
Enterprise Systems - The Secret to Their Success
• Ahmed Datoo, CMO - Zenprise
• Douglas Barbin, Principal, BrightLine
• Douglas A. Brown, Sr. VP of Eng Operations, NetSuite, Inc.
• Doug Meier, Director Security & Compliance, Pandora
5:15 PM Sponsors Exhibit, Networking & Reception (until 7:30 PM)
Cloud Business Track- What Business has done to Enable our Trust
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 3
Program Day Two—Friday, 24 August 2012
Time Event / Topic Speaker
8:00 AM Networking & Coffee
8:30 AM Message from the ISACA SV President
Sumit Kalra, Robin Basham
The ISACA Board
8:45 AM Session 2-1: “Did you want controls with that?” Model for
IT Assurance as a Service – The Emergence of Controls in
Infrastructure as a Service SLA
Jeff Reich
CRO - Layered Tech
9:30 AM Session 2-2: Big Business Big Risk, How We Measure a
Secure Enterprise
Mike Pearl
Principal, Cloud Strategy
Practice, and Partner - PwC
10:30 AM Session 2-3: Building Enterprise Level Security into Public
Clouds
Kartik Trivedi
VP / Co-Founder at Symosis
Lenin Aboagye
Apollo Group, Inc.
11:30 AM Lunch and Networking - Enjoy time with Conference Sponsors
12:30 PM Session 2-4: Using COBIT 5 Process Assessment Model
(PAM), Followed by “Applying ISACA Guidance to
Understanding the Value of Our Data, Big Risk—Big Data”
Debra Mallette
ISACA SF Past President
Robin Basham
ISACA SV Conference Dir,
CEO, EnterpriseGRC Solutions Inc.
1:30 PM Session 2-5: Benefits and Potential Drawbacks to
implementing SAP as a Hosted Solution. How ERP Controls
are Same and Different when Serviced In the Cloud
Mark Richter
President
iStreet Solutions, LLC
2:30 PM Session 2-6: Closing the Gap Between Security and Com-
pliance
Fred Kost
Head of Product Marketing
Check Point Software
Technologies
3:30 PM Break
3:45 PM Session 2-7 Panel Discussion - Moderator: Sumit Kalra, Director at Burr Pilger Mayer
Trust Services in Cloud Based Business, Session Description
• Jay Swaminathan , Director SOAProjects
• Harshul Joshi, Director PwC
• Jeremy Sucharski, Dir Armanino McKenna, CFO Advisory Services Practice
• Brian K. Taylor, Sr. Dir of Compliance, Systems and Tools at NetSuite Inc.
5:15 PM Sponsor Raffles and Conference Closing Remarks
Auditing Track- How Cloud Affects Audit Methods to Ensure and Assess
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 4
Session 1-1 Description: Responsibility in the New Cloud Economy
Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Confer-
ence, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of
Vulnerabilities blog. When we asked who might speak to “Responsibility in the New Cloud
Economy” Wolfgang’s leadership at Qualys seemed the perfect fit.
Presenter: Wolfgang Kandek, CTO - Qualys
Wolfgang is responsible for product direction and all operational aspects of the
QualysGuard platform and its infrastructure.
Wolfgang has over 20 years of experience in developing and managing information systems.
His focus has been on Unix-based server architectures and application delivery through the
Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online
Music streaming company myplay.com and at iSyndicate, an Internet media
syndication company. Earlier in his career, Wolfgang held a variety of technical positions at
EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science
from the Technical University of Darmstadt, Germany.
Visit: http://www.qualys.com
Session 1-2 Description: The Boundaries of Business When Your Business is SaaS– How to
Design Software Users Love
(Open your mind to business without walls.)
There's been a paradigm shift in business over the last 20 years. Users and customers want a
relationship. They want to fall in love. When it comes to software and the Internet, you don't
have the benefits and reminders of face to face interactions, so it's easy to forget how a little
love goes a long way.
This session shares the story of Wufoo and also look at how companies and their products
are wooing their users, keeping the romance alive and sustaining lasting relationships that
turn out to make for profitable returns.
Presenter: Kevin Hale, Senior Product Manager - SurveyMonkey
Kevin is the Co-founder of Infinity Box Inc, a Y Combinatory seeded company that built
Wufoo, an online form builder, ranked by Jakob Nielson as one of the best application UIs of
2008. After selling Wufoo to SurveyMonkey for 35 million dollars in 2011, Kevin is now Sen-
ior Product Manager responsible for safeguarding and enhancing the user experience of Sur-
veyMonkey's products.
The conference feedback forms have been supplied for free
by the brilliant engineers and generous founders of Wufoo.
Visit: http://www.wufoo.com
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 5
Session 1-3 Description: Building and Maintaining Trust in an Increasingly Social and Mo-
bile Environment: How do we protect information in a universe increasingly dominated by
services (Facebook, Google+, LinkedIn, etc.) and devices (smartphones, iPads, etc.) designed
to make information transparent and portable
Presenter: Bill Ender, Director, Consulting Practice – EMC Consulting.
Bill is EMC's GRC Evangelist. Prior to joining EMC, Bill was Senior VP of Corporate Information
Security for Wells Fargo Bank (2003-2010), where he led the creation, implementation an main-
tenance of the Information Security Management Program, policy, controls, regulatory compli-
ance, training and awareness, reporting and support for Line of Business executives and the
company‚ Atos 150+ Information Security Officer community. At Wells Fargo, he developed and
maintained strong relationships with key business leaders, Chief Risk Officers, Internal Audit,
Corporate Security, Technology Operations, vendors, service providers, and external industry
consortia and agencies. He also led the implementation of solutions for automated policy and
incident management, control testing, and reporting; promoted integration of Information Secu-
rity-specific tools into the Corporate Enterprise Risk Management Reporting Dashboard; and
championed a common process/architecture model for all Operational Risk Management disci-
plines.
Bill's professional career prior to joining Wells Fargo included roles as Chief Technology Officer
for a large, Arizona-based Managed IT Services and Application Hosting company; Cofounder
and Chief Technology Officer for an industry-leading software development and professional
services company in the areas of Identity and Access Management and Secure Web Portals;
and 12 years in various Information Technology Operations and Research & Development roles
with several divisions of Motorola, Inc., where he led multiple teams in the design and deploy-
ment of secure network infrastructure, business process automation, and communication and
collaboration tools to support a global community of employees, contractors, customers and
partners.
Session 1-4 Description: Rethinking Web-Application architecture for the Cloud
This session reveals how StrongAuth solves a common business requirement using defined
and unique web-application architecture - Regulatory Compliant Cloud Computing (RC3) -
which enables secure cloud-computing. The discussion aids the attendee in considering the
elements of architecture that would ensure strong security of sensitive data in the public
cloud, with emphasis toward a typical low cost budget. StrongAuth, CEO, shares the creation
and reasons for the RC3 architecture and how it is validated by customers for securing finan-
cial and healthcare data. Visit: http://www.strongauth.com
Presenter: Arshad Noor, CTO, StrongAuth Inc..
Known for his significant experience in enterprise-scale IT architecture, cryptography and
open-source software, Arshad Noor is the designer and lead-developer of StrongKey; the
industry's first open-source Symmetric Key Management System, and the StrongKey Lite En-
cryption System - the industry's first appliance combining encryption, tokenization,
key-management and a cryptographic hardware module. He is a many time author and
speaker at forums on the subject of encryption and key-management.
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 6
1-5 Session Description: Intelligent Operations, Leveraging Cloud & Virtualization Setting
Right Targets
Dave Robbins, Sr. Vice President and CIO at Ellie Mae, Inc. will share his thoughts on the chal-
lenges that both internal IT and public facing (SaaS) technology providers face today. He will
discuss some of the changing business needs and expectations that are pressing technology
service providers to new delivery models and a greater focus on supporting core business
strategies. Finally, Mr. Robbins will share the technology journey he has been driving at Ellie
Mae and some of the results and lessons learned along the way.
Presenter: David Robbins, CIO and Sr. VP of Ellie Mae, Inc.
Joining Ellie Mae in January 2012 from a role as Vice President of Global Infrastructure with
NetApp. David led North American infrastructure services strategy for Capgemini Outsourc-
ing. He is a 30-year veteran of the information technology industry, having been director of
engineering services at Totality Inc. and in various leadership roles during a 15-year tenure at
Electronic Data Systems.
Session 1-6 Description Business Risk Intelligence
With all the new regulatory focus on ensuring a comprehensive approaches to managing your
Information Security program, Risk Management, and industry compliance initiatives, how do
you keep it all straight. Your budgets are not expanding, your resources are constrained, and
your leadership is perplexed by the impact of these initiatives on their organization.
Co—Presenter: Gordon Shevlin, CEO of Allgress.
He brings more than 25 years of business leadership, technical development, sales,
marketing and management experience to the company.
He previously co-founded SiegeWorks and SiegeWorks International, a digital defense
services firm. There, he grew the company from 3 to 120 employees, building a strong inter-
national presence and managing its successful acquisition by FishNet Security, the na-
tion's leading provider of information security solutions that combine technology,
services, support and training. At FishNet, he served as executive vice president of sales.
Shevlin graduated from the University of Michigan.
Co-Presenter: Chris Armstrong, CISO.
He brings 18+ years of experience in information assurance and technology to Allgress. He
has a proven track record of influencing product development and strategy in response to the
demands of customers who manage information assurance, security and risk programs within
large-scale, complex, global environments. Over the course of his career, he has specialized
in information security strategy, architecture and operations; global threat management and
assurance; risk management; governance and regulatory/statutory compliance; and global
policy management and compliance. Prior to his role with Allgress, Armstrong served in simi-
lar leadership roles with Fortune 500 companies in the hospitality, high-tech, health care, and
financial sectors. He is a Certified Information Systems Security Professional (CISSP).
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 7
Session 1-7 Executive Panel
Moderator: Eric Tan, CISA, CGEIT, CPA, Director, PwC
Eric Tan, CISA, CGEIT and CPA. Eric is a Director at PwC with over twelve years of
experience delivering IT governance and risk management solutions. Eric currently leads PwC's
cloud and internet assurance practice based in Silicon Valley.
He serves as an internal audit and compliance advisor to various leading SaaS providers in the
bay area. His experience includes leading large scale system assessments, performing risk and
security reviews; business continuity & disaster recovery diagnostics, and helping his clients
implement various compliance and control solutions.
Eric focuses on clients in the technology sector. Clients he has served includes Google, eBay,
LinkedIn, Novell, Tibco, Shutterfly,and Proofpoint.
.
Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N).
In this role, Doug is responsible for Uptime, Performance, Security, and Compliance of the Net-
Suite Service. NetSuite Operations have achieved PCI-DSS, SAS-70, SOC1,
EU-SafeHarbor, SOX, and other compliances. He is additionally responsible for the teams
within NetSuite such as : Facilities, IT, Infrastructure, Release, Network, DBA, and Systems
Administration. Previously he has been responsible for the Quality Assurance and Internal
Audit Departments. Doug has worked for NetSuite for 11+ years. Prior to NetSuite, he worked
as a Research Chemist at Henkel Corporation. He holds a Bachelor of Arts in Chemistry from
Indiana University and a Masters in Science in Chemistry from the University of Detroit-Mercy
Panelist: Douglas Barbin, Principal, BrightLine, CPA Firm, PCI QSA, ISO 27001 Registrar.
Doug is a Principal at BrightLine, responsible for all attestation, compliance and certification
services for the western United States as well as the PCI and federal (FedRAMP) compliance
practices firm-wide. After starting his career with Price Waterhouse, he spent the majority of
the technology boom building and operating information security and compliance programs
for Fortune 500 enterprises and major technology providers. Doug was previously the director
of product management for VeriSign’s managed security services business prior its sale to
SecureWorks (now Dell). He was also the overall practice leader for VeriSign’s compliance
solutions. Doug is a licensed CPA, and maintains other certifications including CISSP, PCI QSA,
and certified fraud examiner (CFE). He was one of the first CSA Certificate of Cloud Security
Knowledge (CCSK) recipients where he is an active participant in the CSA’s Cloud Control
Matrix (CCM) and CloudAudit initiatives.
He has dual-degrees in Accounting and Administration of Justice from Penn State and an MBA
from Pepperdine.
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 8
Session 1-7 Executive Panel
Panelist: Doug Meier, Director, Security & Compliance at Pandora
Doug brings 20+ years experience designing and managing infrastructure, security, disaster
recovery, and compliance programs for Silicon Valley Internet companies.
Doug has designed corporate security programs, managed Exchange mail server migrations for
a globally distributed enterprise, architected and implemented regulatory compliance
programs and Disaster Recovery initiatives, and managed operations of enterprise-wide
IT services and knowledge systems.
Panelist: Ahmed Datoo, Chief Marketing Officer, Zenprise
Ahmed Datoo's experience in the technology industry spans strategic planning, brand
marketing, software engineering and product management. Prior to Zenprise, Mr. Datoo was
at EDS, where he was a global Director of Product Development. While at EDS, he built and
launched several workflow automation and monitoring automation modules that generated
multi-million dollar savings globally. Prior to EDS, Mr. Datoo was on Loudcloud's product
management team where he focused on monitoring, storage and performance networking
products. Previously, he was a brand manager at Yahoo! where he co-developed the print and
radio promotions for Yahoo! Shopping. Mr. Datoo began his career as a strategy consultant at
Accenture where he created high tech product development strategies for telecos, media
conglomerates and hardware manufacturers. Mr. Datoo holds an MBA, M.A., and B.A. from
Stanford University.
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 9
Session 2-1 Description: "Did You Want Controls With That?"
While companies attempt to achieve and maintain compliance in order to reduce or eliminate the regu-
latory, statutory or industry pain of non-compliance, no one likes to chase compliance for the sake of
being compliant. The complex compliance landscape has overlapping requirements, tools and practices
and some of these are even contradictory. Every time you have to focus some of your already limited
resources on navigating through the compliance jungle, you pull further and further away from effec-
tively utilizing those resources to drive your organization forward. Managed services and cloud services
have matured enough to allow you compartmentalize your compliance initiatives and leverage service
providers who are qualified to manage compliance needs on your behalf. Like any other outsourced ser-
vice, you should expect support and service levels to meet or exceed your expectations. The session will
not only focus on what to look for in a Service SLA, but it will also provide recommended best practices
for maximizing your relationship with your managed services provider so that you can refocus internal
resources on meeting overall business goals. Visit: http://www.layeredtech.com/
Presenter Jeff Reich, Chief Risk Officer, Layered Tech, ISSA Distinguished Fellow, CRISC,
CISSP and CHS-II
Responsible for driving the company’s security and compliance services and guiding customers’ risk miti-
gation efforts. With more than 30 years of experience, Reich is a well-known risk management and secu-
rity expert in the hosting market. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distin-
guished Fellow. His extensive background includes successful programs that have dealt with secu-
rity policies, information security, internal controls, physical security, liaison work with local and federal
law enforcement, regulatory and audit compliance, business continuity planning, abuse and policy en-
forcement management, and change control. Prior to joining Layered Tech, Reich was the chief security
officer for Rackspace Hosting, and he also held positions as vice president and chief security officer of
CheckFree and senior manager of information protection at Dell Inc.
2-2 Session Description: Looking At Cloud Strategy Through The Lens Of Value
Strategy – business imperatives, identify technical components of cloud computing in your organization
People – Anticipate a reassessment of talent needs; for example, IT will require architects with the ability
to leverage the new cloud capabilities.
Processes – Anticipate changes across the organization;
Technology – Be prepared to address internal challenges, such as data security and governance in the
cloud model, and shifting service models to the business.
Structure – Thoughtful consideration of the organizational impacts will smooth the transition to cloud
computing; for example, consider the impact that rapid and inexpensive provisioning of technology will
have on product development.
Presenter: Mike Pearl, Principal Cloud Strategy Practice and Partner with PwC.
Mike has extensive experience in helping organizations assess, design and implement strategies. Fo-
cusing on the improvement of business and technology process, internal controls and risk management
he is the lead technology Partner on some of PwC’s larger Technology clients and specializes in delivering
consulting services Software and Internet companies. His work includes helping organizations with their
process, technology and security issues related to Software Digital Distribution. Specifically he led a
web application architecture assessment project over an online software distribution application for a
global software company identifying Improvement opportunities related to the architecture and con-
trols over the development and operation of the application.
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 10
2-3 Session Description : Apollo Group's business vision includes delivering educational and related
business services throughout the world in various forms. One of the key solution is a SaaS based offer-
ing of educational platform. To execute on the business vision successfully we needed the following:
• Agile environment that enables Apollo to scale based on needs of the business
• Reduce time to bring new services online
• Improve the overall experience of the tenants
• Reduced risk to business
• Maintain compliance
• Global view
• Reduce the overall cost
Cloud’s value resides in on-demand resources, offering agility to bring new services on, elasticity to
scale up and down, an automated self-service model, and access to services from anyplace and any-
where in the network. The cloud approach optimizes use of resources to drive a cost-effective solution.
Cloud initiatives are critically important to Apollo in achieving the strategic goal of having a nimble IT
infrastructure and Education Platform with an solid security backbone. The IaaS cloud delivery model
that Apollo chose is a Hybrid Cloud with Amazon being the Public Cloud Vendor. The talk goes into how
enterprise-level security can be achieved in any Public cloud as well as non-traditional and customized
ways of addressing general security requirements within public clouds from Vulnerability Assessment,
Access Management, Key Management, Database Monitoring, IDS/IPS deployment, Application Secu-
rity, Database Security , Security Monitoring , Traditional/Virtual Patching etc. .We will also delve into
additional security requirements that are unique only to public cloud when it comes to addressing secu-
rity of Tenant data. Finally, the discussion will take a journey into the architectural, design, practical
implementation, selection process of CSPs, gaps and best practices found through building Apollo’s
Education Services on a Hybrid Platform (Public/Private)
Presenter: Kartik Trivedi, VP / Co-Founder at Symosis
Symosis, a high end mobile and application security advisory firm with more than a decade of experi-
ence in providing security risk assessment, quantification, remediation and compliance management
services to Fortune 500 companies. Kartik has performed several hundreds application security assess-
ments, code reviews, reverse engineering analysis, threat models, penetrations tests, network reviews
and incident responses. He was previously the director of application security at Accuvant, Security
Manager at McAfee, security consultant at Foundstone and software development engineer at Concept
Sol. He has contributed to many security books- hardening code, hacking exposed, how to break web
security and is a regular speaker at several conferences including RSA conference, WebAppSec, OWASP
and ToorCon. Kartik has MBA and MS degrees and CISM, CISA, CISSP certifications
Co-Presenter: Lenin Aboagye, Principal Security Architect at Apollo Group.
Responsible for overseeing all security pertaining to Apollo's Education Platform and Applications. He
is a seasoned Information Security professional with over 10 years of experience in different roles in
the security field. A sought after speaker on Cloud, Mobile and Application Security topics. His experi-
ence in security has led him to hold different roles from security analyst, penetration tester, security
engineer and security architect roles in several high-profile organizations in Media & Television, Educa-
tion, Health, Real Estate and Energy industries. He worked as a Security consultant for Accuvant, Inc.
and was also a Senior Security Consultant with Verisign's Global Group. Contributing member of the
CSA Security- As- A-Service (SecAAS) working group and is an active participant in several other Infor-
mation Security related interests. Lenin holds a BA, and graduated top of his class with a double major
in Computer Science and Math.
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 11
Session 2-4 Description: Using COBIT 5 Process Assessment Model (PAM) and Cloud Audit
Methodology: ISACA Guidance to our Every Day activities to Assess company Services that
Extend to the Cloud This is an introduction to the newly updated ISO/IEC 15504 compliant,
COBIT 5 Process Assessment Model (PAM). This model is the basis for the assessment of an
enterprise’s IT processes against COBIT 5. The assessment model is useful for identifying the
enterprise’ current state, setting targets for desired improvement, and recognizing progress
in implementing the processes that support and enable excellence in strategic alignment,
value delivery, risk management and resource management. Use of the COBIT 5.0 Process
Assessment Model gives and evidence and standards based assessment of process capability.
Presenter: ISACA SF President Debra Mallette CGEIT®, CISA®, CSSBB (ASQ Certified Six
Sigma Black Belt), and Managed Change™ Master, is an early adopter of COBIT for imple-
menting IT Governance. Having used the COBIT 3 Maturity Model, written ISACA/ITGI’s SEI
CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and serving on the COBIT 5.
Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and
COBIT 5 Process Assessment Method (PAM). She has previously been a certified SEI CMMI
assessor and ISO TickIT qualified. Debra has been working with quality management systems,
systems of internal control, process performance measurement, monitoring, and
improvement programs throughout most of her career. She is an ISACA certified instructor
for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to
COBIT 5. Past President of ISACA San Francisco Chapter, for her day job, she’s an ITIL Service
Management Process Consultant Specialist in Kaiser Permanente’s 5000 person-strong IT
organization serving the largest and original Health Maintenance Organization in the United
States.
Session 2-4 Description—Part Two Big Risk, Big Data, showing the issues in assigning govern-
ance, risk and compliance steps to projects using "Big Data" technologies. This presentation
is an interactive discussion that is likely to spill into conversations throughout the remainder
of the day. To preview the points, view more at http://www.enterprisegrc.com/
IMA_ValofData/
Presenter: ISACA SV Conference Director, Robin Basham, M.ED, M.IT, CISA, CGEIT, CRISC,
ACC, CRP, VRP, and HISP, Managing Partner, EnterpriseGRC Solutions Inc.® Over the last
decade Robin has architect more than 70 GRC programs, delivering end to end solutions with
full knowledge transfer to program owners and users. Robin is also past president for the
Association for Certified Green Technology Auditors, ACGTA, a frequent committee contribu-
tor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as fre-
quent participant in Cloud Security Alliance local chapter. EnterpriseGRC Solutions is recently
added to the Cloud Credential Council and is named to the certification committee of The
Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an
active sponsor to Information Systems Audit and Control Association, ISACA®, listed as
corporate sponsor and many time CobiT® trainer for the ITGI.
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 12
2-5 Session Description: Similarities, Benefits and Potential Drawbacks to implementing SAP
as a Hosted Solution - This session examines several common audit programs as outlined IS-
ACA's Security Audit and Control Features for SAP ECC 6.0 guidance and as recommended in
general ERP compliance practice. Visit http://www.istreetsolutions.com/
Presenter: Mark Richter, President, iStreet Solutions, LLC.
Mark Richter has over 30 years’ experience helping companies improve profits and uncover
additional economic value by applying enterprise best practices and the latest in information
technology solutions. His vision is transformative and critical to creating the iStreet Services
Platform as he blends cloud and virtualization technologies, with the security considerations
demanded of dedicated platforms. His career began at Hewlett-Packard where he held
various technology and leadership positions, moved to VoIP startup Appiant Technologies
and then Ragingwire Enterprise Solutions.
Before founding iStreet Solutions in 2004 he served as business application hosting
Infrastructure Practice Director at Rapidigm, now a part of Fujitsu Consulting. Mark holds an
MBA and Bachelor of Science degree in engineering.
Session 2-6 Closing the Gap Between Security and Compliance
New technologies and the way we work are challenging the traditional controls put in place
for security. How we deploy security to maintain control and visibility has to change to keep
up. Check Point’s approach using multi-layered security can provide the necessary controls
and provide the visibility to confidently embrace these new technologies and ways of working
Presenter: Fred Kost, Head of Product Marketing at Check Point Software Technologies
Fred brings a wealth of marketing and security experience and a passion for security. Prior to
joining Check Point, Fred was director of security marketing for Cisco where he led marketing
for the portfolio of security products and solutions. He has extensive network security
experience spanning both established industry leaders and early stage ventures. Fred has
held technology marketing and development positions with Recourse Technologies,
Symantec, nCircle and Blue Lane Technologies. He earned a Bachelor of Science in Electrical
Engineering from Purdue University and an MBA from the University of North Carolina.
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 13
Session 2-7 Panel Discussion
Session 2-7 Description: Trust Services in Cloud Based Business, Session Descrip-
tion: Companies depending on SOC 1, SOC 2 and SOC 3 need to be clear in the extent of expo-
sure analysis and more transparent in what they commit to external reporting. This panel in-
cludes Directors in Information Audit who have specific experience in assisting public and pri-
vate companies in selecting and achieving external reporting requirements. The session will
consider where the current standards need improvement and how new frameworks from
AICPA and ISACA can assist in filling gaps.
Moderator: Sumit Kalra, CISA, CISSP, is a Director at Burr Pilger Mayer, where he manages
the Assurance Services practice specializing in information technology, SAS70 Audits, and
assessments. His 12 years of industry experience include 6 years at international CPA firms,
and 6 years at companies in the technology, consumer products and financial services
industries. His knowledge base spans a variety of ERP solutions and complex infrastructure
implementations. Sumit has a BS in Accounting and Computer Information Systems from San
Francisco State University.
Panelist: Harshul Joshi, CISSP, CISA, CISM, Director PwC. As a Director in the security practice
with primary areas of focus in IT security and compliance based risk assessments, Harshul's
expertise includes Threat and Vulnerability modeling and security architecture. He has worked
with various compliance standards including: PCI (Payment Card Industry), Sarbanes Oxley
404, GLBA (Gramm Leach Bliley Act), PCI (Payment Card Industry) and SAS 70. Harshul has
worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives
and is an internationally known speaker. Some of the sample topics he speaks on include PCI,
Wireless Security, Auditing Firewalls and Intrusion Detection, Risks of IT Outsourcing and
Offshoring and Performing IT Risk assessment from a Business stand-point. He has spoken at
various conferences in Singapore, India and in United States. He is a regular speaker at ISACA
North American Conference as well as Network Security Conference. Harshul is a Certified
Information Systems Security Professional (CISSP), Certified Information Systems Auditor
(CISA) and Certified Information Security Manager (CISM). Harshul has an MBA in International
Business and a MS in Information Systems. Prior to joining PwC, Harshul was a Director of
Technology consulting for CBIZ MHM LLC, where he headed the security practice creating and
delivering risk assessment services. He also spearheaded IT security and compliance at Sony
Corporate audit group performing compliance and audit assessments for Sony Electronics,
Sony Music and Sony Pictures. Prior to joining Sony, Harshul was a Security Architect with
Verizon / GTE.
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 14
Panelist: Jeremy Sucharski, CISA, CRISC is a Director in Armanino McKenna’s CFO Advisory
Services Practice.
Jeremy is the Governance, Risk and Compliance practice leader. Jeremy has over 12 years of
experience in audit and consulting with a strong focus on SOX, SOC audits and information
security consulting. Jeremy currently leads the Governance Risk and Compliance (GRC) and
SOC audit practices at Armanino McKenna. Prior to joining AMLLP, Jeremy worked in the
Deloitte ERS practice focusing in IT Internal Audit. Prior to Deloitte, Jeremy spent several years
with the Federal Government in various finance and IT-related positions. Throughout his ca-
reer, Jeremy has focused on assisting clients in designing processes and controls that strike the
proper balance between the need to protect a company while not being unduly onerous and
restricting their ability to innovate. Jeremy has served clients in a variety of industries including
transportation, high technology and consumer products.
Panelist: Jay Swaminathan, CISA, CPA, CRISC, Director SOAProjects, provides Internal Audit
and IT risk consultation to his clients. Jay has more than 10 years of experience in varied
industries. In his current role at SOAProjects, he specializes in implementing optimization and
process improvements for his clients in compliance and other areas. His expertise includes in
depth knowledge of Oracle EBS, related tools and methodologies to evaluate the ERP system.
Prior to SOAProjects, Jay was with the Risk Advisory Services in Ernst & Young.
Jay was responsible for managing and executing review of IT systems as part of financial and
Sarbanes-Oxley 404 audits of major corporations like Seagate, Spansion, and Copart. Jay was
an Oracle Subject Matter Resource (SMR) at Ernst & Young practice and instructed various
Oracle training sessions. Jay is the recent past President of the ISACA Silicon Valley chapter and
successfully lead the 830-member organization, steering goals and objectives and in collabora-
tion with a team of board members, executes programs for the benefit of the members. He
instructs the CISA review courses and is a regular speaker at different conferences. Jay is an
undergraduate in Management from Bangalore University.
Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N).
Brian K. Taylor, CISA, is the SR Director of Compliance, Systems and Tools at NetSuite Inc.
(NYSE: N). In this role, Brian is responsible for IT Compliance in such areas as SOC 1/2, SOX
ITGC, EU Safe Harbor, and PCI DSS. Brian established and grew NetSuite’s IT Compliance
practice, leading the teams that first successfully implemented and achieved SAS 70 and PCI
DSS, as well as growing and managing the SOX/Internal Audit team. Before taking on his
current responsibilities, he worked on the NetSuite Product Management team, managing
customization, scripting, administration, and integration products. He is additionally responsi-
ble for the team within NetSuite that runs the company on the NetSuite OneWorld product, as
well as an engineering release team. Brian has worked for NetSuite for 12 years, has 10 years
experience in IT compliance, and more than 20 years experience in Information Technology.
Prior to NetSuite, he worked as a Compliance and Design Engineer at Lucent Technologies.
He is a Certified Information Systems Auditor (CISA) and holds a Bachelor of Arts and Science
in English and Computer Science from UC Davis and a Masters in Science in Chemistry from
the University of Detroit-Mercy
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 15
Platinum Sponsors
Silver Sponsors
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 16
ISACA Silicon Valley has been providing IT Audit, Security, and Governance Profes-
sionals with the training and networking opportunities they need to compete and
thrive since 1982. We are continuing this tradition at our 2012 Summer Conference,
where we offer our attendees are a range of industry leaders, speaking to their wis-
dom and experience in Enabling Trust through Business in the Cloud. Don’t miss our
upcoming Winter Conference, offering two full day courses that move beyond the-
ory to emphasize practical skills you can utilize at work or to improve your market-
ability.
The Conference Committee has worked hard to provide a cost effective, value
driven, high quality educational and networking experience. We tailor our events for
ISACA members as well as Bay area professionals in governance and compliance
fields. We hope we have succeeded. As always, you input is greatly appreciated,
and we strongly encourage you to fill-out the Evaluation Forms at the end of each
day. You are also welcome to seek us out with any comments or suggestions you
might have to help us continually improve.
Yours Sincerely, The ISACA SV Summer Conference Commit-
tee
2012 Summer Conference Committee
Robin Basham, Conference Director Please learn more about the key roles played
Sumit Kalra, Chapter President by our volunteers. Read their bios on page 17.
Mike Jordan, Chapter Vice President Brendan Lewis - Coordinator
Ruchi Verma, Secretary Bala Krishnan - Liaison
Robert Ikeoka, Treasurer Pratul Kant - Liaison
Greg Edwards, Membership Director Prasad Sanjeevaiah - Liaison
Pat Kumar, Communications Director Sivakumar Natesan - Liaison, Web Support
Dharshan Shanthamurthy, Certifica-
tion Director
Monica Pope— Design, flyer
Naimish Anarkat, Programs Director Marlin Pohlman - Liaison
Larry Halme,
Academic Relations Director
Mohammed Saifuddi - Marketing
Jay Swaminathan, Past President Catherine Skrbina - Registration
Committee Members
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 17
Meet the volunteers, ISACA SV Summer Conference Committee
Members of the ISACA Silicon Valley Board of Directors put substantial personal efforts to supporting the
activities of Summer and Winter Conference. Attendees can learn more about our Board by visiting our
website Meet Our Board
Brendan
Lewis
Communication Coordinator, Brendan Lewis has more than 15 years of experience across IT disciplines
and currently serves in IT Governance at KLA-Tencor. He recently passed his CGEIT exam.
Bala
Krishnan
Volunteer Coordinator, Bala is a Senior Management Consultant with over 10 years experience focusing
on ERP business processes and information risk advisory services for global organizations with expertise
in the areas of IT Audit, Compliance, Controls, Data Privacy and SAP Security design/opti- mization. He
holds two leading certifications of Certified Information Systems Auditor (CISA) and Certified Informa-
tion Privacy Professional (CIPP/IT) and is a former Big 4 Consultant.
Pratul
Kant
Liaison, Pratul is a Senior IT Infrastructure and Information Security professional with over 18 years of
experience focusing on Enterprise IT systems, IT infrastructure (including Virtualization, Cloud and SaaS
based solutions), Information Security and IT production operations. He holds a degree in Electrical En-
gineering (B.Sc. Engineering), a master’s degree in Information Systems (MSIS) and an industry standard
information security certification (Certified Information Security Manager or CISM) from ISACA.
Monica Pope Flyer support and graphic artist, Monica Pope – SharePoint Administrator and IT Compliance Specialist
at DDi. Monica Pope – SharePoint Administrator and IT Compliance Specialist at DDi. 6 years experi-
ence with SharePoint Administration. During this time as the Intranet Project Manager for DDi I con-
solidated the company’s Intranet using the SharePoint Platform. In the last 8 years, as a member of
the IT Security Group and in the role of SOX control owner of the IT Change Management, I coordinated
the IT Control Board; developed, updated and communicated IT Policies and Procedures for DDi.
Marlin
Pohlman
Liaison, Chief Technology Officer at Haliphron, uniting Cloud Service Level Agreements to metrics pro-
vided by major vendors, Marlin Pohlman is the former Chief Governance Officer of EMC. In this role he
coordinated the activities of standards based IT governance with EMC, its Security Division RSA and its
holdings in VMWare and Acadia. Dr. Pohlman represents ISACA in ISO SC27 JTC1 and is the co-editor for
the 27017 Cloud Security Standard as well as a contributor and shareholder in the CAMM project. He is
a licensed engineer and holds the CSA CCSK certification the ISC2 CISSP certification as well as the ISACA
CISM, CISA, CGEIT, CRISC certifications, is also a paralegal.
Mohammed
Saifuddi
Liaison, Mohammed graduated from Texas A&M University and as has been Working as a Solutions
Architect at Questivity-a Data Center and IT Infrastructure Solutions provider. He is also involved in IS
Audits and aligning processes following ITILv3 best practices for Questivity customers. He is ITIL and
COBIT trained.
We also wish to acknowledge people who showed up to man the registration table and to assist with physical demands
in supporting the exhibition, with mention to Catherine Skrbina and Prasad Sanjeevaiah .
For support on the website banner, Thank you, Sivakumar Natesan
http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 18
Venue Information and a note regarding Academic Relations
The 2012 Summer Conference will
be held at:
Biltmore Hotel & Suites
2151 Laurelwood Road
Santa Clara, CA 95054
(408) 988-8411
Free Parking
ISACA Supports Academic Research
Academic research is the foundation of many of the breakthroughs and new theories supporting the
IT assurance, information security and IT governance professional space. ISACA is pleased to sup-
port academic research projects by posting these descriptions of peer-reviewed research projects
underway. You are encouraged to participate in those you find of special interest or pertinence.
ISACA Silicon Valley maintains a relationship with San Jose State University.
To learn more contact the Academic Relations Director
A special thank you is in order to the companies
that volunteered sponsorship for local university
students. In addition to their generous conference
support, these companies also hosted student
attendance for this and future ISACA SV training
events.

More Related Content

What's hot

Cisco connect winnipeg 2018 a look at network assurance in dna center
Cisco connect winnipeg 2018   a look at network assurance in dna centerCisco connect winnipeg 2018   a look at network assurance in dna center
Cisco connect winnipeg 2018 a look at network assurance in dna center
Cisco Canada
 
Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)
Cisco Canada
 
Cisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed ServicesCisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Canada
 
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
Cyber Security Alliance
 
Calgary security road show master deck final
Calgary security road show master deck finalCalgary security road show master deck final
Calgary security road show master deck final
Scalar Decisions
 
Introduction to ThousandEyes
Introduction to ThousandEyesIntroduction to ThousandEyes
Introduction to ThousandEyes
ThousandEyes
 
Webex Control Hub - IT Control no matter where they work
Webex Control Hub -IT Control no matter where they workWebex Control Hub -IT Control no matter where they work
Webex Control Hub - IT Control no matter where they work
Cisco Webex
 
Brian-Vaughn
Brian-VaughnBrian-Vaughn
Brian-Vaughn
brian vaughn
 
Michael Marange Resume 07-2015
Michael Marange Resume 07-2015Michael Marange Resume 07-2015
Michael Marange Resume 07-2015
mmarange
 
Cio resume
Cio resumeCio resume
Keeping Technology Current: A Driver for Change
Keeping Technology Current: A Driver for ChangeKeeping Technology Current: A Driver for Change
Keeping Technology Current: A Driver for Change
Cisco Canada
 
AOS - Overview
AOS - OverviewAOS - Overview
AOS - Overview
NGINX at F5
 
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Marc Lijour, OCT, BSc, MBA
 
National Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT ConsolidationNational Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT Consolidation
SolarWinds
 
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Canada
 
SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016
SolarWinds
 
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on LabCisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco Canada
 

What's hot (17)

Cisco connect winnipeg 2018 a look at network assurance in dna center
Cisco connect winnipeg 2018   a look at network assurance in dna centerCisco connect winnipeg 2018   a look at network assurance in dna center
Cisco connect winnipeg 2018 a look at network assurance in dna center
 
Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)Building an Adoption Plan: Turning it on(Part 2 of 2)
Building an Adoption Plan: Turning it on(Part 2 of 2)
 
Cisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed ServicesCisco Powered: Your Trusted Source for Cloud and Managed Services
Cisco Powered: Your Trusted Source for Cloud and Managed Services
 
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
ASFWS 2012 - Theory vs Practice in implementing Software Security related act...
 
Calgary security road show master deck final
Calgary security road show master deck finalCalgary security road show master deck final
Calgary security road show master deck final
 
Introduction to ThousandEyes
Introduction to ThousandEyesIntroduction to ThousandEyes
Introduction to ThousandEyes
 
Webex Control Hub - IT Control no matter where they work
Webex Control Hub -IT Control no matter where they workWebex Control Hub -IT Control no matter where they work
Webex Control Hub - IT Control no matter where they work
 
Brian-Vaughn
Brian-VaughnBrian-Vaughn
Brian-Vaughn
 
Michael Marange Resume 07-2015
Michael Marange Resume 07-2015Michael Marange Resume 07-2015
Michael Marange Resume 07-2015
 
Cio resume
Cio resumeCio resume
Cio resume
 
Keeping Technology Current: A Driver for Change
Keeping Technology Current: A Driver for ChangeKeeping Technology Current: A Driver for Change
Keeping Technology Current: A Driver for Change
 
AOS - Overview
AOS - OverviewAOS - Overview
AOS - Overview
 
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
Cisco at DevTO - Tomorrow Starts Now for Sheridan College Students (July 28, ...
 
National Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT ConsolidationNational Government Webinar: Reap the Rewards of IT Consolidation
National Government Webinar: Reap the Rewards of IT Consolidation
 
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM...
 
SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016SolarWinds User Group - Hawaii November 2016
SolarWinds User Group - Hawaii November 2016
 
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on LabCisco ONE Enterprise Cloud (UCSD) Hands-on Lab
Cisco ONE Enterprise Cloud (UCSD) Hands-on Lab
 

Similar to 2012 Summer Conference Brochure

Cloud_DevOps_Data-Center_Infrastructure_Security_Compliancey_&_Emerging_Tech-...
Cloud_DevOps_Data-Center_Infrastructure_Security_Compliancey_&_Emerging_Tech-...Cloud_DevOps_Data-Center_Infrastructure_Security_Compliancey_&_Emerging_Tech-...
Cloud_DevOps_Data-Center_Infrastructure_Security_Compliancey_&_Emerging_Tech-...
Jarrett Neil Ridlinghafer
 
Cloud asia 2012
Cloud asia 2012Cloud asia 2012
Cloud asia 2012
teknologiinformasi
 
The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019
Insights success media and technology pvt ltd
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
Redpath Consulting Group
 
Espion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure CloudEspion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure Cloud
Google
 
CSA NY Metro Inaugural Event 5 17 2011 Final
CSA NY  Metro Inaugural Event 5 17 2011 FinalCSA NY  Metro Inaugural Event 5 17 2011 Final
CSA NY Metro Inaugural Event 5 17 2011 Final
Peister
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
VISI
 
SpeedyCloud Services Introduction Vol-5
SpeedyCloud Services Introduction Vol-5SpeedyCloud Services Introduction Vol-5
SpeedyCloud Services Introduction Vol-5
Zaighum Malik 赞谋
 
Architect day 20181128- Morning Sessions
Architect day 20181128- Morning SessionsArchitect day 20181128- Morning Sessions
Architect day 20181128- Morning Sessions
Salesforce - Sweden, Denmark, Norway
 
7th cloud computing & big data 2013 Summit - 2013
7th cloud computing & big data 2013 Summit - 2013 7th cloud computing & big data 2013 Summit - 2013
7th cloud computing & big data 2013 Summit - 2013
Deepak Raj (2,000+Connections)
 
Lisa martinez candidate BA
Lisa martinez candidate   BA Lisa martinez candidate   BA
Lisa martinez candidate BA
Lisa Marie Martinez
 
Cloud webinar final
Cloud webinar finalCloud webinar final
Cloud webinar final
Ness Technologies
 
Expectations in DRAAS from CSP
Expectations in DRAAS from CSPExpectations in DRAAS from CSP
Expectations in DRAAS from CSP
Continuity and Resilience
 
Matt Amjad Portfolio (1)
Matt Amjad Portfolio (1)Matt Amjad Portfolio (1)
Matt Amjad Portfolio (1)
Mateen Amjad
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile World
Inside Analysis
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile World
Hao Tran
 
Cloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover TrackCloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover Track
LaurenWendler
 
World of Watson 2016 - Data lake or Data Swamp
World of Watson 2016 - Data lake or Data SwampWorld of Watson 2016 - Data lake or Data Swamp
World of Watson 2016 - Data lake or Data Swamp
Keith Redman
 
How to neutralize vulnerabilities in a mixed cloud- on premise environment
How to neutralize vulnerabilities in a mixed cloud- on premise environmentHow to neutralize vulnerabilities in a mixed cloud- on premise environment
How to neutralize vulnerabilities in a mixed cloud- on premise environment
Estuate, Inc.
 
Afternoon Session: Innovation and platform Architect Day
Afternoon Session: Innovation and platform Architect Day Afternoon Session: Innovation and platform Architect Day
Afternoon Session: Innovation and platform Architect Day
Salesforce - Sweden, Denmark, Norway
 

Similar to 2012 Summer Conference Brochure (20)

Cloud_DevOps_Data-Center_Infrastructure_Security_Compliancey_&_Emerging_Tech-...
Cloud_DevOps_Data-Center_Infrastructure_Security_Compliancey_&_Emerging_Tech-...Cloud_DevOps_Data-Center_Infrastructure_Security_Compliancey_&_Emerging_Tech-...
Cloud_DevOps_Data-Center_Infrastructure_Security_Compliancey_&_Emerging_Tech-...
 
Cloud asia 2012
Cloud asia 2012Cloud asia 2012
Cloud asia 2012
 
The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019The 10 most trusted companies in enterprise security 2019
The 10 most trusted companies in enterprise security 2019
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
 
Espion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure CloudEspion and SureSkills Presentation - Your Journey To A Secure Cloud
Espion and SureSkills Presentation - Your Journey To A Secure Cloud
 
CSA NY Metro Inaugural Event 5 17 2011 Final
CSA NY  Metro Inaugural Event 5 17 2011 FinalCSA NY  Metro Inaugural Event 5 17 2011 Final
CSA NY Metro Inaugural Event 5 17 2011 Final
 
Developing Your Cloud Strategy
Developing Your Cloud StrategyDeveloping Your Cloud Strategy
Developing Your Cloud Strategy
 
SpeedyCloud Services Introduction Vol-5
SpeedyCloud Services Introduction Vol-5SpeedyCloud Services Introduction Vol-5
SpeedyCloud Services Introduction Vol-5
 
Architect day 20181128- Morning Sessions
Architect day 20181128- Morning SessionsArchitect day 20181128- Morning Sessions
Architect day 20181128- Morning Sessions
 
7th cloud computing & big data 2013 Summit - 2013
7th cloud computing & big data 2013 Summit - 2013 7th cloud computing & big data 2013 Summit - 2013
7th cloud computing & big data 2013 Summit - 2013
 
Lisa martinez candidate BA
Lisa martinez candidate   BA Lisa martinez candidate   BA
Lisa martinez candidate BA
 
Cloud webinar final
Cloud webinar finalCloud webinar final
Cloud webinar final
 
Expectations in DRAAS from CSP
Expectations in DRAAS from CSPExpectations in DRAAS from CSP
Expectations in DRAAS from CSP
 
Matt Amjad Portfolio (1)
Matt Amjad Portfolio (1)Matt Amjad Portfolio (1)
Matt Amjad Portfolio (1)
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile World
 
Rethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile WorldRethinking Data Availability and Governance in a Mobile World
Rethinking Data Availability and Governance in a Mobile World
 
Cloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover TrackCloud Innovation Tour - Discover Track
Cloud Innovation Tour - Discover Track
 
World of Watson 2016 - Data lake or Data Swamp
World of Watson 2016 - Data lake or Data SwampWorld of Watson 2016 - Data lake or Data Swamp
World of Watson 2016 - Data lake or Data Swamp
 
How to neutralize vulnerabilities in a mixed cloud- on premise environment
How to neutralize vulnerabilities in a mixed cloud- on premise environmentHow to neutralize vulnerabilities in a mixed cloud- on premise environment
How to neutralize vulnerabilities in a mixed cloud- on premise environment
 
Afternoon Session: Innovation and platform Architect Day
Afternoon Session: Innovation and platform Architect Day Afternoon Session: Innovation and platform Architect Day
Afternoon Session: Innovation and platform Architect Day
 

More from EnterpriseGRC Solutions, Inc.

CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
EnterpriseGRC Solutions, Inc.
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
EnterpriseGRC Solutions, Inc.
 
The Perils of Mount Must Read
The Perils of Mount Must ReadThe Perils of Mount Must Read
The Perils of Mount Must Read
EnterpriseGRC Solutions, Inc.
 
Procedures and Controls Documentation Guidelines
Procedures and Controls Documentation GuidelinesProcedures and Controls Documentation Guidelines
Procedures and Controls Documentation Guidelines
EnterpriseGRC Solutions, Inc.
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
EnterpriseGRC Solutions, Inc.
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
EnterpriseGRC Solutions, Inc.
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secure
EnterpriseGRC Solutions, Inc.
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
EnterpriseGRC Solutions, Inc.
 
Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture design
EnterpriseGRC Solutions, Inc.
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
EnterpriseGRC Solutions, Inc.
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
EnterpriseGRC Solutions, Inc.
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
EnterpriseGRC Solutions, Inc.
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
EnterpriseGRC Solutions, Inc.
 
The value of our data
The value of our dataThe value of our data
The value of our data
EnterpriseGRC Solutions, Inc.
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
EnterpriseGRC Solutions, Inc.
 
Green Tech
Green TechGreen Tech

More from EnterpriseGRC Solutions, Inc. (16)

CobiT Foundation Free Training
CobiT Foundation Free TrainingCobiT Foundation Free Training
CobiT Foundation Free Training
 
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 ruleWalk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
Walk This Way: CIS CSC and NIST CSF is the 80 in the 80/20 rule
 
The Perils of Mount Must Read
The Perils of Mount Must ReadThe Perils of Mount Must Read
The Perils of Mount Must Read
 
Procedures and Controls Documentation Guidelines
Procedures and Controls Documentation GuidelinesProcedures and Controls Documentation Guidelines
Procedures and Controls Documentation Guidelines
 
Erm talking points
Erm talking pointsErm talking points
Erm talking points
 
Enterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slidesEnterprise governance risk_compliance_fcm slides
Enterprise governance risk_compliance_fcm slides
 
Does audit make us more secure
Does audit make us more secureDoes audit make us more secure
Does audit make us more secure
 
Cryptographic lifecycle security training
Cryptographic lifecycle security trainingCryptographic lifecycle security training
Cryptographic lifecycle security training
 
Networking and communications security – network architecture design
Networking and communications security – network architecture designNetworking and communications security – network architecture design
Networking and communications security – network architecture design
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
CISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studiesCISSP Study Exercises, Just some good will to help my peers with their studies
CISSP Study Exercises, Just some good will to help my peers with their studies
 
Security assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP PrepSecurity assessment with a hint of CISSP Prep
Security assessment with a hint of CISSP Prep
 
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
Virtualization and cloud impact overview auditor spin   enterprise gr-cv3Virtualization and cloud impact overview auditor spin   enterprise gr-cv3
Virtualization and cloud impact overview auditor spin enterprise gr-cv3
 
The value of our data
The value of our dataThe value of our data
The value of our data
 
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4Virtualization And Cloud Impact Overview Auditor Spin   Enterprise Gr Cv4
Virtualization And Cloud Impact Overview Auditor Spin Enterprise Gr Cv4
 
Green Tech
Green TechGreen Tech
Green Tech
 

2012 Summer Conference Brochure

  • 1. August 23rd & 24th - Santa Clara, California This event counts towards 14 hours of Continuing Professional Education 14 CPEs ISACA SILICON VALLEY 2012 Summer Conference Enabling Trust: Business In the Cloud Schedule August 23rd 3 Schedule August 24th 4 Day 1 Sessions and Bios 5 Day 2 Sessions and Bios 9 Sponsors 15 From the ISACA SV Board 16 About Our Committee 17 Venue Information 18 Academic Relations 18 Conference BrochureCloud Business Track- What Business has done to Enable our Trust Auditing Track- How Cloud Affects Audit Methods to Ensure & Assess Cutting Edge Business, Audit & Technology Topics 14 Sessions by Notable Industry Experts Thursday Night Networking Reception Sponsor Exhibits and Raffles http://www.isaca-sv.org
  • 2. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 2 Program Day One -Thursday, 23 August 2012 Time Event / Topic Speaker 8:00 AM Registration, Networking & Coffee, 8:45 AM Welcome Message from the ISACA SV President and The ISACA SV Board Sumit Kalra, Robin Basham The ISACA Board 9:00 AM Keynote: Session 1-1: Our Responsibility in the New Cloud Economy Wolfgang Kandek CTO - Qualys, Inc. 9:30 AM Session 1-2 : The Boundaries of Business When Your Business is SaaS. How to Design Software Users Love (Kevin Hale is the Founder of WuFoo, recently acquired by Sur- vey Monkey.) Kevin Hale Sr Product Manager SurveyMonkey 10:30 AM Session 1-3 : Building And Maintaining Trust In An Increasingly Social And Mobile Environment Bill Ender Director, Consulting Practice - EMC Consulting 11:30 AM Lunch and Networking - Enjoy time with Conference Sponsors 12:30 PM Session 1-4: Rethinking Web-Application architecture for the Cloud Arshad Noor CTO - StrongAuth, Inc. 1:30 PM Session 1-5: Intelligent Operations, Leveraging Cloud & Virtualization - Setting The Right Operational Targets David Robbins CIO - Ellie Mae, Inc. 2:30 PM Session 1-6: Business Risk Intelligence - Information Security Management, Risk Management, and Industry Compliance Initiatives - how do you keep it all straight Gordon Shevlin CEO - Allgress Chris Armstrong, CISO - Allgress 3:30 PM Break 3:45 PM Session 1-7: Executive Panel Discussion - Moderator: Eric Tan, PwC Enterprise Systems - The Secret to Their Success • Ahmed Datoo, CMO - Zenprise • Douglas Barbin, Principal, BrightLine • Douglas A. Brown, Sr. VP of Eng Operations, NetSuite, Inc. • Doug Meier, Director Security & Compliance, Pandora 5:15 PM Sponsors Exhibit, Networking & Reception (until 7:30 PM) Cloud Business Track- What Business has done to Enable our Trust
  • 3. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 3 Program Day Two—Friday, 24 August 2012 Time Event / Topic Speaker 8:00 AM Networking & Coffee 8:30 AM Message from the ISACA SV President Sumit Kalra, Robin Basham The ISACA Board 8:45 AM Session 2-1: “Did you want controls with that?” Model for IT Assurance as a Service – The Emergence of Controls in Infrastructure as a Service SLA Jeff Reich CRO - Layered Tech 9:30 AM Session 2-2: Big Business Big Risk, How We Measure a Secure Enterprise Mike Pearl Principal, Cloud Strategy Practice, and Partner - PwC 10:30 AM Session 2-3: Building Enterprise Level Security into Public Clouds Kartik Trivedi VP / Co-Founder at Symosis Lenin Aboagye Apollo Group, Inc. 11:30 AM Lunch and Networking - Enjoy time with Conference Sponsors 12:30 PM Session 2-4: Using COBIT 5 Process Assessment Model (PAM), Followed by “Applying ISACA Guidance to Understanding the Value of Our Data, Big Risk—Big Data” Debra Mallette ISACA SF Past President Robin Basham ISACA SV Conference Dir, CEO, EnterpriseGRC Solutions Inc. 1:30 PM Session 2-5: Benefits and Potential Drawbacks to implementing SAP as a Hosted Solution. How ERP Controls are Same and Different when Serviced In the Cloud Mark Richter President iStreet Solutions, LLC 2:30 PM Session 2-6: Closing the Gap Between Security and Com- pliance Fred Kost Head of Product Marketing Check Point Software Technologies 3:30 PM Break 3:45 PM Session 2-7 Panel Discussion - Moderator: Sumit Kalra, Director at Burr Pilger Mayer Trust Services in Cloud Based Business, Session Description • Jay Swaminathan , Director SOAProjects • Harshul Joshi, Director PwC • Jeremy Sucharski, Dir Armanino McKenna, CFO Advisory Services Practice • Brian K. Taylor, Sr. Dir of Compliance, Systems and Tools at NetSuite Inc. 5:15 PM Sponsor Raffles and Conference Closing Remarks Auditing Track- How Cloud Affects Audit Methods to Ensure and Assess
  • 4. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 4 Session 1-1 Description: Responsibility in the New Cloud Economy Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Confer- ence, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of Vulnerabilities blog. When we asked who might speak to “Responsibility in the New Cloud Economy” Wolfgang’s leadership at Qualys seemed the perfect fit. Presenter: Wolfgang Kandek, CTO - Qualys Wolfgang is responsible for product direction and all operational aspects of the QualysGuard platform and its infrastructure. Wolfgang has over 20 years of experience in developing and managing information systems. His focus has been on Unix-based server architectures and application delivery through the Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online Music streaming company myplay.com and at iSyndicate, an Internet media syndication company. Earlier in his career, Wolfgang held a variety of technical positions at EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science from the Technical University of Darmstadt, Germany. Visit: http://www.qualys.com Session 1-2 Description: The Boundaries of Business When Your Business is SaaS– How to Design Software Users Love (Open your mind to business without walls.) There's been a paradigm shift in business over the last 20 years. Users and customers want a relationship. They want to fall in love. When it comes to software and the Internet, you don't have the benefits and reminders of face to face interactions, so it's easy to forget how a little love goes a long way. This session shares the story of Wufoo and also look at how companies and their products are wooing their users, keeping the romance alive and sustaining lasting relationships that turn out to make for profitable returns. Presenter: Kevin Hale, Senior Product Manager - SurveyMonkey Kevin is the Co-founder of Infinity Box Inc, a Y Combinatory seeded company that built Wufoo, an online form builder, ranked by Jakob Nielson as one of the best application UIs of 2008. After selling Wufoo to SurveyMonkey for 35 million dollars in 2011, Kevin is now Sen- ior Product Manager responsible for safeguarding and enhancing the user experience of Sur- veyMonkey's products. The conference feedback forms have been supplied for free by the brilliant engineers and generous founders of Wufoo. Visit: http://www.wufoo.com
  • 5. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 5 Session 1-3 Description: Building and Maintaining Trust in an Increasingly Social and Mo- bile Environment: How do we protect information in a universe increasingly dominated by services (Facebook, Google+, LinkedIn, etc.) and devices (smartphones, iPads, etc.) designed to make information transparent and portable Presenter: Bill Ender, Director, Consulting Practice – EMC Consulting. Bill is EMC's GRC Evangelist. Prior to joining EMC, Bill was Senior VP of Corporate Information Security for Wells Fargo Bank (2003-2010), where he led the creation, implementation an main- tenance of the Information Security Management Program, policy, controls, regulatory compli- ance, training and awareness, reporting and support for Line of Business executives and the company‚ Atos 150+ Information Security Officer community. At Wells Fargo, he developed and maintained strong relationships with key business leaders, Chief Risk Officers, Internal Audit, Corporate Security, Technology Operations, vendors, service providers, and external industry consortia and agencies. He also led the implementation of solutions for automated policy and incident management, control testing, and reporting; promoted integration of Information Secu- rity-specific tools into the Corporate Enterprise Risk Management Reporting Dashboard; and championed a common process/architecture model for all Operational Risk Management disci- plines. Bill's professional career prior to joining Wells Fargo included roles as Chief Technology Officer for a large, Arizona-based Managed IT Services and Application Hosting company; Cofounder and Chief Technology Officer for an industry-leading software development and professional services company in the areas of Identity and Access Management and Secure Web Portals; and 12 years in various Information Technology Operations and Research & Development roles with several divisions of Motorola, Inc., where he led multiple teams in the design and deploy- ment of secure network infrastructure, business process automation, and communication and collaboration tools to support a global community of employees, contractors, customers and partners. Session 1-4 Description: Rethinking Web-Application architecture for the Cloud This session reveals how StrongAuth solves a common business requirement using defined and unique web-application architecture - Regulatory Compliant Cloud Computing (RC3) - which enables secure cloud-computing. The discussion aids the attendee in considering the elements of architecture that would ensure strong security of sensitive data in the public cloud, with emphasis toward a typical low cost budget. StrongAuth, CEO, shares the creation and reasons for the RC3 architecture and how it is validated by customers for securing finan- cial and healthcare data. Visit: http://www.strongauth.com Presenter: Arshad Noor, CTO, StrongAuth Inc.. Known for his significant experience in enterprise-scale IT architecture, cryptography and open-source software, Arshad Noor is the designer and lead-developer of StrongKey; the industry's first open-source Symmetric Key Management System, and the StrongKey Lite En- cryption System - the industry's first appliance combining encryption, tokenization, key-management and a cryptographic hardware module. He is a many time author and speaker at forums on the subject of encryption and key-management.
  • 6. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 6 1-5 Session Description: Intelligent Operations, Leveraging Cloud & Virtualization Setting Right Targets Dave Robbins, Sr. Vice President and CIO at Ellie Mae, Inc. will share his thoughts on the chal- lenges that both internal IT and public facing (SaaS) technology providers face today. He will discuss some of the changing business needs and expectations that are pressing technology service providers to new delivery models and a greater focus on supporting core business strategies. Finally, Mr. Robbins will share the technology journey he has been driving at Ellie Mae and some of the results and lessons learned along the way. Presenter: David Robbins, CIO and Sr. VP of Ellie Mae, Inc. Joining Ellie Mae in January 2012 from a role as Vice President of Global Infrastructure with NetApp. David led North American infrastructure services strategy for Capgemini Outsourc- ing. He is a 30-year veteran of the information technology industry, having been director of engineering services at Totality Inc. and in various leadership roles during a 15-year tenure at Electronic Data Systems. Session 1-6 Description Business Risk Intelligence With all the new regulatory focus on ensuring a comprehensive approaches to managing your Information Security program, Risk Management, and industry compliance initiatives, how do you keep it all straight. Your budgets are not expanding, your resources are constrained, and your leadership is perplexed by the impact of these initiatives on their organization. Co—Presenter: Gordon Shevlin, CEO of Allgress. He brings more than 25 years of business leadership, technical development, sales, marketing and management experience to the company. He previously co-founded SiegeWorks and SiegeWorks International, a digital defense services firm. There, he grew the company from 3 to 120 employees, building a strong inter- national presence and managing its successful acquisition by FishNet Security, the na- tion's leading provider of information security solutions that combine technology, services, support and training. At FishNet, he served as executive vice president of sales. Shevlin graduated from the University of Michigan. Co-Presenter: Chris Armstrong, CISO. He brings 18+ years of experience in information assurance and technology to Allgress. He has a proven track record of influencing product development and strategy in response to the demands of customers who manage information assurance, security and risk programs within large-scale, complex, global environments. Over the course of his career, he has specialized in information security strategy, architecture and operations; global threat management and assurance; risk management; governance and regulatory/statutory compliance; and global policy management and compliance. Prior to his role with Allgress, Armstrong served in simi- lar leadership roles with Fortune 500 companies in the hospitality, high-tech, health care, and financial sectors. He is a Certified Information Systems Security Professional (CISSP).
  • 7. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 7 Session 1-7 Executive Panel Moderator: Eric Tan, CISA, CGEIT, CPA, Director, PwC Eric Tan, CISA, CGEIT and CPA. Eric is a Director at PwC with over twelve years of experience delivering IT governance and risk management solutions. Eric currently leads PwC's cloud and internet assurance practice based in Silicon Valley. He serves as an internal audit and compliance advisor to various leading SaaS providers in the bay area. His experience includes leading large scale system assessments, performing risk and security reviews; business continuity & disaster recovery diagnostics, and helping his clients implement various compliance and control solutions. Eric focuses on clients in the technology sector. Clients he has served includes Google, eBay, LinkedIn, Novell, Tibco, Shutterfly,and Proofpoint. . Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N). In this role, Doug is responsible for Uptime, Performance, Security, and Compliance of the Net- Suite Service. NetSuite Operations have achieved PCI-DSS, SAS-70, SOC1, EU-SafeHarbor, SOX, and other compliances. He is additionally responsible for the teams within NetSuite such as : Facilities, IT, Infrastructure, Release, Network, DBA, and Systems Administration. Previously he has been responsible for the Quality Assurance and Internal Audit Departments. Doug has worked for NetSuite for 11+ years. Prior to NetSuite, he worked as a Research Chemist at Henkel Corporation. He holds a Bachelor of Arts in Chemistry from Indiana University and a Masters in Science in Chemistry from the University of Detroit-Mercy Panelist: Douglas Barbin, Principal, BrightLine, CPA Firm, PCI QSA, ISO 27001 Registrar. Doug is a Principal at BrightLine, responsible for all attestation, compliance and certification services for the western United States as well as the PCI and federal (FedRAMP) compliance practices firm-wide. After starting his career with Price Waterhouse, he spent the majority of the technology boom building and operating information security and compliance programs for Fortune 500 enterprises and major technology providers. Doug was previously the director of product management for VeriSign’s managed security services business prior its sale to SecureWorks (now Dell). He was also the overall practice leader for VeriSign’s compliance solutions. Doug is a licensed CPA, and maintains other certifications including CISSP, PCI QSA, and certified fraud examiner (CFE). He was one of the first CSA Certificate of Cloud Security Knowledge (CCSK) recipients where he is an active participant in the CSA’s Cloud Control Matrix (CCM) and CloudAudit initiatives. He has dual-degrees in Accounting and Administration of Justice from Penn State and an MBA from Pepperdine.
  • 8. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 8 Session 1-7 Executive Panel Panelist: Doug Meier, Director, Security & Compliance at Pandora Doug brings 20+ years experience designing and managing infrastructure, security, disaster recovery, and compliance programs for Silicon Valley Internet companies. Doug has designed corporate security programs, managed Exchange mail server migrations for a globally distributed enterprise, architected and implemented regulatory compliance programs and Disaster Recovery initiatives, and managed operations of enterprise-wide IT services and knowledge systems. Panelist: Ahmed Datoo, Chief Marketing Officer, Zenprise Ahmed Datoo's experience in the technology industry spans strategic planning, brand marketing, software engineering and product management. Prior to Zenprise, Mr. Datoo was at EDS, where he was a global Director of Product Development. While at EDS, he built and launched several workflow automation and monitoring automation modules that generated multi-million dollar savings globally. Prior to EDS, Mr. Datoo was on Loudcloud's product management team where he focused on monitoring, storage and performance networking products. Previously, he was a brand manager at Yahoo! where he co-developed the print and radio promotions for Yahoo! Shopping. Mr. Datoo began his career as a strategy consultant at Accenture where he created high tech product development strategies for telecos, media conglomerates and hardware manufacturers. Mr. Datoo holds an MBA, M.A., and B.A. from Stanford University.
  • 9. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 9 Session 2-1 Description: "Did You Want Controls With That?" While companies attempt to achieve and maintain compliance in order to reduce or eliminate the regu- latory, statutory or industry pain of non-compliance, no one likes to chase compliance for the sake of being compliant. The complex compliance landscape has overlapping requirements, tools and practices and some of these are even contradictory. Every time you have to focus some of your already limited resources on navigating through the compliance jungle, you pull further and further away from effec- tively utilizing those resources to drive your organization forward. Managed services and cloud services have matured enough to allow you compartmentalize your compliance initiatives and leverage service providers who are qualified to manage compliance needs on your behalf. Like any other outsourced ser- vice, you should expect support and service levels to meet or exceed your expectations. The session will not only focus on what to look for in a Service SLA, but it will also provide recommended best practices for maximizing your relationship with your managed services provider so that you can refocus internal resources on meeting overall business goals. Visit: http://www.layeredtech.com/ Presenter Jeff Reich, Chief Risk Officer, Layered Tech, ISSA Distinguished Fellow, CRISC, CISSP and CHS-II Responsible for driving the company’s security and compliance services and guiding customers’ risk miti- gation efforts. With more than 30 years of experience, Reich is a well-known risk management and secu- rity expert in the hosting market. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distin- guished Fellow. His extensive background includes successful programs that have dealt with secu- rity policies, information security, internal controls, physical security, liaison work with local and federal law enforcement, regulatory and audit compliance, business continuity planning, abuse and policy en- forcement management, and change control. Prior to joining Layered Tech, Reich was the chief security officer for Rackspace Hosting, and he also held positions as vice president and chief security officer of CheckFree and senior manager of information protection at Dell Inc. 2-2 Session Description: Looking At Cloud Strategy Through The Lens Of Value Strategy – business imperatives, identify technical components of cloud computing in your organization People – Anticipate a reassessment of talent needs; for example, IT will require architects with the ability to leverage the new cloud capabilities. Processes – Anticipate changes across the organization; Technology – Be prepared to address internal challenges, such as data security and governance in the cloud model, and shifting service models to the business. Structure – Thoughtful consideration of the organizational impacts will smooth the transition to cloud computing; for example, consider the impact that rapid and inexpensive provisioning of technology will have on product development. Presenter: Mike Pearl, Principal Cloud Strategy Practice and Partner with PwC. Mike has extensive experience in helping organizations assess, design and implement strategies. Fo- cusing on the improvement of business and technology process, internal controls and risk management he is the lead technology Partner on some of PwC’s larger Technology clients and specializes in delivering consulting services Software and Internet companies. His work includes helping organizations with their process, technology and security issues related to Software Digital Distribution. Specifically he led a web application architecture assessment project over an online software distribution application for a global software company identifying Improvement opportunities related to the architecture and con- trols over the development and operation of the application.
  • 10. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 10 2-3 Session Description : Apollo Group's business vision includes delivering educational and related business services throughout the world in various forms. One of the key solution is a SaaS based offer- ing of educational platform. To execute on the business vision successfully we needed the following: • Agile environment that enables Apollo to scale based on needs of the business • Reduce time to bring new services online • Improve the overall experience of the tenants • Reduced risk to business • Maintain compliance • Global view • Reduce the overall cost Cloud’s value resides in on-demand resources, offering agility to bring new services on, elasticity to scale up and down, an automated self-service model, and access to services from anyplace and any- where in the network. The cloud approach optimizes use of resources to drive a cost-effective solution. Cloud initiatives are critically important to Apollo in achieving the strategic goal of having a nimble IT infrastructure and Education Platform with an solid security backbone. The IaaS cloud delivery model that Apollo chose is a Hybrid Cloud with Amazon being the Public Cloud Vendor. The talk goes into how enterprise-level security can be achieved in any Public cloud as well as non-traditional and customized ways of addressing general security requirements within public clouds from Vulnerability Assessment, Access Management, Key Management, Database Monitoring, IDS/IPS deployment, Application Secu- rity, Database Security , Security Monitoring , Traditional/Virtual Patching etc. .We will also delve into additional security requirements that are unique only to public cloud when it comes to addressing secu- rity of Tenant data. Finally, the discussion will take a journey into the architectural, design, practical implementation, selection process of CSPs, gaps and best practices found through building Apollo’s Education Services on a Hybrid Platform (Public/Private) Presenter: Kartik Trivedi, VP / Co-Founder at Symosis Symosis, a high end mobile and application security advisory firm with more than a decade of experi- ence in providing security risk assessment, quantification, remediation and compliance management services to Fortune 500 companies. Kartik has performed several hundreds application security assess- ments, code reviews, reverse engineering analysis, threat models, penetrations tests, network reviews and incident responses. He was previously the director of application security at Accuvant, Security Manager at McAfee, security consultant at Foundstone and software development engineer at Concept Sol. He has contributed to many security books- hardening code, hacking exposed, how to break web security and is a regular speaker at several conferences including RSA conference, WebAppSec, OWASP and ToorCon. Kartik has MBA and MS degrees and CISM, CISA, CISSP certifications Co-Presenter: Lenin Aboagye, Principal Security Architect at Apollo Group. Responsible for overseeing all security pertaining to Apollo's Education Platform and Applications. He is a seasoned Information Security professional with over 10 years of experience in different roles in the security field. A sought after speaker on Cloud, Mobile and Application Security topics. His experi- ence in security has led him to hold different roles from security analyst, penetration tester, security engineer and security architect roles in several high-profile organizations in Media & Television, Educa- tion, Health, Real Estate and Energy industries. He worked as a Security consultant for Accuvant, Inc. and was also a Senior Security Consultant with Verisign's Global Group. Contributing member of the CSA Security- As- A-Service (SecAAS) working group and is an active participant in several other Infor- mation Security related interests. Lenin holds a BA, and graduated top of his class with a double major in Computer Science and Math.
  • 11. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 11 Session 2-4 Description: Using COBIT 5 Process Assessment Model (PAM) and Cloud Audit Methodology: ISACA Guidance to our Every Day activities to Assess company Services that Extend to the Cloud This is an introduction to the newly updated ISO/IEC 15504 compliant, COBIT 5 Process Assessment Model (PAM). This model is the basis for the assessment of an enterprise’s IT processes against COBIT 5. The assessment model is useful for identifying the enterprise’ current state, setting targets for desired improvement, and recognizing progress in implementing the processes that support and enable excellence in strategic alignment, value delivery, risk management and resource management. Use of the COBIT 5.0 Process Assessment Model gives and evidence and standards based assessment of process capability. Presenter: ISACA SF President Debra Mallette CGEIT®, CISA®, CSSBB (ASQ Certified Six Sigma Black Belt), and Managed Change™ Master, is an early adopter of COBIT for imple- menting IT Governance. Having used the COBIT 3 Maturity Model, written ISACA/ITGI’s SEI CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and serving on the COBIT 5. Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and COBIT 5 Process Assessment Method (PAM). She has previously been a certified SEI CMMI assessor and ISO TickIT qualified. Debra has been working with quality management systems, systems of internal control, process performance measurement, monitoring, and improvement programs throughout most of her career. She is an ISACA certified instructor for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to COBIT 5. Past President of ISACA San Francisco Chapter, for her day job, she’s an ITIL Service Management Process Consultant Specialist in Kaiser Permanente’s 5000 person-strong IT organization serving the largest and original Health Maintenance Organization in the United States. Session 2-4 Description—Part Two Big Risk, Big Data, showing the issues in assigning govern- ance, risk and compliance steps to projects using "Big Data" technologies. This presentation is an interactive discussion that is likely to spill into conversations throughout the remainder of the day. To preview the points, view more at http://www.enterprisegrc.com/ IMA_ValofData/ Presenter: ISACA SV Conference Director, Robin Basham, M.ED, M.IT, CISA, CGEIT, CRISC, ACC, CRP, VRP, and HISP, Managing Partner, EnterpriseGRC Solutions Inc.® Over the last decade Robin has architect more than 70 GRC programs, delivering end to end solutions with full knowledge transfer to program owners and users. Robin is also past president for the Association for Certified Green Technology Auditors, ACGTA, a frequent committee contribu- tor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as fre- quent participant in Cloud Security Alliance local chapter. EnterpriseGRC Solutions is recently added to the Cloud Credential Council and is named to the certification committee of The Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an active sponsor to Information Systems Audit and Control Association, ISACA®, listed as corporate sponsor and many time CobiT® trainer for the ITGI.
  • 12. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 12 2-5 Session Description: Similarities, Benefits and Potential Drawbacks to implementing SAP as a Hosted Solution - This session examines several common audit programs as outlined IS- ACA's Security Audit and Control Features for SAP ECC 6.0 guidance and as recommended in general ERP compliance practice. Visit http://www.istreetsolutions.com/ Presenter: Mark Richter, President, iStreet Solutions, LLC. Mark Richter has over 30 years’ experience helping companies improve profits and uncover additional economic value by applying enterprise best practices and the latest in information technology solutions. His vision is transformative and critical to creating the iStreet Services Platform as he blends cloud and virtualization technologies, with the security considerations demanded of dedicated platforms. His career began at Hewlett-Packard where he held various technology and leadership positions, moved to VoIP startup Appiant Technologies and then Ragingwire Enterprise Solutions. Before founding iStreet Solutions in 2004 he served as business application hosting Infrastructure Practice Director at Rapidigm, now a part of Fujitsu Consulting. Mark holds an MBA and Bachelor of Science degree in engineering. Session 2-6 Closing the Gap Between Security and Compliance New technologies and the way we work are challenging the traditional controls put in place for security. How we deploy security to maintain control and visibility has to change to keep up. Check Point’s approach using multi-layered security can provide the necessary controls and provide the visibility to confidently embrace these new technologies and ways of working Presenter: Fred Kost, Head of Product Marketing at Check Point Software Technologies Fred brings a wealth of marketing and security experience and a passion for security. Prior to joining Check Point, Fred was director of security marketing for Cisco where he led marketing for the portfolio of security products and solutions. He has extensive network security experience spanning both established industry leaders and early stage ventures. Fred has held technology marketing and development positions with Recourse Technologies, Symantec, nCircle and Blue Lane Technologies. He earned a Bachelor of Science in Electrical Engineering from Purdue University and an MBA from the University of North Carolina.
  • 13. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 13 Session 2-7 Panel Discussion Session 2-7 Description: Trust Services in Cloud Based Business, Session Descrip- tion: Companies depending on SOC 1, SOC 2 and SOC 3 need to be clear in the extent of expo- sure analysis and more transparent in what they commit to external reporting. This panel in- cludes Directors in Information Audit who have specific experience in assisting public and pri- vate companies in selecting and achieving external reporting requirements. The session will consider where the current standards need improvement and how new frameworks from AICPA and ISACA can assist in filling gaps. Moderator: Sumit Kalra, CISA, CISSP, is a Director at Burr Pilger Mayer, where he manages the Assurance Services practice specializing in information technology, SAS70 Audits, and assessments. His 12 years of industry experience include 6 years at international CPA firms, and 6 years at companies in the technology, consumer products and financial services industries. His knowledge base spans a variety of ERP solutions and complex infrastructure implementations. Sumit has a BS in Accounting and Computer Information Systems from San Francisco State University. Panelist: Harshul Joshi, CISSP, CISA, CISM, Director PwC. As a Director in the security practice with primary areas of focus in IT security and compliance based risk assessments, Harshul's expertise includes Threat and Vulnerability modeling and security architecture. He has worked with various compliance standards including: PCI (Payment Card Industry), Sarbanes Oxley 404, GLBA (Gramm Leach Bliley Act), PCI (Payment Card Industry) and SAS 70. Harshul has worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives and is an internationally known speaker. Some of the sample topics he speaks on include PCI, Wireless Security, Auditing Firewalls and Intrusion Detection, Risks of IT Outsourcing and Offshoring and Performing IT Risk assessment from a Business stand-point. He has spoken at various conferences in Singapore, India and in United States. He is a regular speaker at ISACA North American Conference as well as Network Security Conference. Harshul is a Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM). Harshul has an MBA in International Business and a MS in Information Systems. Prior to joining PwC, Harshul was a Director of Technology consulting for CBIZ MHM LLC, where he headed the security practice creating and delivering risk assessment services. He also spearheaded IT security and compliance at Sony Corporate audit group performing compliance and audit assessments for Sony Electronics, Sony Music and Sony Pictures. Prior to joining Sony, Harshul was a Security Architect with Verizon / GTE.
  • 14. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 14 Panelist: Jeremy Sucharski, CISA, CRISC is a Director in Armanino McKenna’s CFO Advisory Services Practice. Jeremy is the Governance, Risk and Compliance practice leader. Jeremy has over 12 years of experience in audit and consulting with a strong focus on SOX, SOC audits and information security consulting. Jeremy currently leads the Governance Risk and Compliance (GRC) and SOC audit practices at Armanino McKenna. Prior to joining AMLLP, Jeremy worked in the Deloitte ERS practice focusing in IT Internal Audit. Prior to Deloitte, Jeremy spent several years with the Federal Government in various finance and IT-related positions. Throughout his ca- reer, Jeremy has focused on assisting clients in designing processes and controls that strike the proper balance between the need to protect a company while not being unduly onerous and restricting their ability to innovate. Jeremy has served clients in a variety of industries including transportation, high technology and consumer products. Panelist: Jay Swaminathan, CISA, CPA, CRISC, Director SOAProjects, provides Internal Audit and IT risk consultation to his clients. Jay has more than 10 years of experience in varied industries. In his current role at SOAProjects, he specializes in implementing optimization and process improvements for his clients in compliance and other areas. His expertise includes in depth knowledge of Oracle EBS, related tools and methodologies to evaluate the ERP system. Prior to SOAProjects, Jay was with the Risk Advisory Services in Ernst & Young. Jay was responsible for managing and executing review of IT systems as part of financial and Sarbanes-Oxley 404 audits of major corporations like Seagate, Spansion, and Copart. Jay was an Oracle Subject Matter Resource (SMR) at Ernst & Young practice and instructed various Oracle training sessions. Jay is the recent past President of the ISACA Silicon Valley chapter and successfully lead the 830-member organization, steering goals and objectives and in collabora- tion with a team of board members, executes programs for the benefit of the members. He instructs the CISA review courses and is a regular speaker at different conferences. Jay is an undergraduate in Management from Bangalore University. Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N). Brian K. Taylor, CISA, is the SR Director of Compliance, Systems and Tools at NetSuite Inc. (NYSE: N). In this role, Brian is responsible for IT Compliance in such areas as SOC 1/2, SOX ITGC, EU Safe Harbor, and PCI DSS. Brian established and grew NetSuite’s IT Compliance practice, leading the teams that first successfully implemented and achieved SAS 70 and PCI DSS, as well as growing and managing the SOX/Internal Audit team. Before taking on his current responsibilities, he worked on the NetSuite Product Management team, managing customization, scripting, administration, and integration products. He is additionally responsi- ble for the team within NetSuite that runs the company on the NetSuite OneWorld product, as well as an engineering release team. Brian has worked for NetSuite for 12 years, has 10 years experience in IT compliance, and more than 20 years experience in Information Technology. Prior to NetSuite, he worked as a Compliance and Design Engineer at Lucent Technologies. He is a Certified Information Systems Auditor (CISA) and holds a Bachelor of Arts and Science in English and Computer Science from UC Davis and a Masters in Science in Chemistry from the University of Detroit-Mercy
  • 15. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 15 Platinum Sponsors Silver Sponsors
  • 16. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 16 ISACA Silicon Valley has been providing IT Audit, Security, and Governance Profes- sionals with the training and networking opportunities they need to compete and thrive since 1982. We are continuing this tradition at our 2012 Summer Conference, where we offer our attendees are a range of industry leaders, speaking to their wis- dom and experience in Enabling Trust through Business in the Cloud. Don’t miss our upcoming Winter Conference, offering two full day courses that move beyond the- ory to emphasize practical skills you can utilize at work or to improve your market- ability. The Conference Committee has worked hard to provide a cost effective, value driven, high quality educational and networking experience. We tailor our events for ISACA members as well as Bay area professionals in governance and compliance fields. We hope we have succeeded. As always, you input is greatly appreciated, and we strongly encourage you to fill-out the Evaluation Forms at the end of each day. You are also welcome to seek us out with any comments or suggestions you might have to help us continually improve. Yours Sincerely, The ISACA SV Summer Conference Commit- tee 2012 Summer Conference Committee Robin Basham, Conference Director Please learn more about the key roles played Sumit Kalra, Chapter President by our volunteers. Read their bios on page 17. Mike Jordan, Chapter Vice President Brendan Lewis - Coordinator Ruchi Verma, Secretary Bala Krishnan - Liaison Robert Ikeoka, Treasurer Pratul Kant - Liaison Greg Edwards, Membership Director Prasad Sanjeevaiah - Liaison Pat Kumar, Communications Director Sivakumar Natesan - Liaison, Web Support Dharshan Shanthamurthy, Certifica- tion Director Monica Pope— Design, flyer Naimish Anarkat, Programs Director Marlin Pohlman - Liaison Larry Halme, Academic Relations Director Mohammed Saifuddi - Marketing Jay Swaminathan, Past President Catherine Skrbina - Registration Committee Members
  • 17. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 17 Meet the volunteers, ISACA SV Summer Conference Committee Members of the ISACA Silicon Valley Board of Directors put substantial personal efforts to supporting the activities of Summer and Winter Conference. Attendees can learn more about our Board by visiting our website Meet Our Board Brendan Lewis Communication Coordinator, Brendan Lewis has more than 15 years of experience across IT disciplines and currently serves in IT Governance at KLA-Tencor. He recently passed his CGEIT exam. Bala Krishnan Volunteer Coordinator, Bala is a Senior Management Consultant with over 10 years experience focusing on ERP business processes and information risk advisory services for global organizations with expertise in the areas of IT Audit, Compliance, Controls, Data Privacy and SAP Security design/opti- mization. He holds two leading certifications of Certified Information Systems Auditor (CISA) and Certified Informa- tion Privacy Professional (CIPP/IT) and is a former Big 4 Consultant. Pratul Kant Liaison, Pratul is a Senior IT Infrastructure and Information Security professional with over 18 years of experience focusing on Enterprise IT systems, IT infrastructure (including Virtualization, Cloud and SaaS based solutions), Information Security and IT production operations. He holds a degree in Electrical En- gineering (B.Sc. Engineering), a master’s degree in Information Systems (MSIS) and an industry standard information security certification (Certified Information Security Manager or CISM) from ISACA. Monica Pope Flyer support and graphic artist, Monica Pope – SharePoint Administrator and IT Compliance Specialist at DDi. Monica Pope – SharePoint Administrator and IT Compliance Specialist at DDi. 6 years experi- ence with SharePoint Administration. During this time as the Intranet Project Manager for DDi I con- solidated the company’s Intranet using the SharePoint Platform. In the last 8 years, as a member of the IT Security Group and in the role of SOX control owner of the IT Change Management, I coordinated the IT Control Board; developed, updated and communicated IT Policies and Procedures for DDi. Marlin Pohlman Liaison, Chief Technology Officer at Haliphron, uniting Cloud Service Level Agreements to metrics pro- vided by major vendors, Marlin Pohlman is the former Chief Governance Officer of EMC. In this role he coordinated the activities of standards based IT governance with EMC, its Security Division RSA and its holdings in VMWare and Acadia. Dr. Pohlman represents ISACA in ISO SC27 JTC1 and is the co-editor for the 27017 Cloud Security Standard as well as a contributor and shareholder in the CAMM project. He is a licensed engineer and holds the CSA CCSK certification the ISC2 CISSP certification as well as the ISACA CISM, CISA, CGEIT, CRISC certifications, is also a paralegal. Mohammed Saifuddi Liaison, Mohammed graduated from Texas A&M University and as has been Working as a Solutions Architect at Questivity-a Data Center and IT Infrastructure Solutions provider. He is also involved in IS Audits and aligning processes following ITILv3 best practices for Questivity customers. He is ITIL and COBIT trained. We also wish to acknowledge people who showed up to man the registration table and to assist with physical demands in supporting the exhibition, with mention to Catherine Skrbina and Prasad Sanjeevaiah . For support on the website banner, Thank you, Sivakumar Natesan
  • 18. http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 18 Venue Information and a note regarding Academic Relations The 2012 Summer Conference will be held at: Biltmore Hotel & Suites 2151 Laurelwood Road Santa Clara, CA 95054 (408) 988-8411 Free Parking ISACA Supports Academic Research Academic research is the foundation of many of the breakthroughs and new theories supporting the IT assurance, information security and IT governance professional space. ISACA is pleased to sup- port academic research projects by posting these descriptions of peer-reviewed research projects underway. You are encouraged to participate in those you find of special interest or pertinence. ISACA Silicon Valley maintains a relationship with San Jose State University. To learn more contact the Academic Relations Director A special thank you is in order to the companies that volunteered sponsorship for local university students. In addition to their generous conference support, these companies also hosted student attendance for this and future ISACA SV training events.