2012 Summer Conference Brochure

August 23rd & 24th - Santa Clara, California
This event counts towards 14 hours of Continuing Professional Education
14 CPEs
ISACA SILICON VALLEY
2012 Summer Conference
Enabling Trust: Business In the Cloud
Schedule August 23rd 3
Schedule August 24th 4
Day 1 Sessions and Bios 5
Day 2 Sessions and Bios 9
Sponsors 15
From the ISACA SV Board 16
About Our Committee 17
Venue Information 18
Academic Relations 18
Conference BrochureCloud Business Track- What Business has done to
Enable our Trust
Auditing Track- How Cloud Affects Audit Methods to
Ensure & Assess
Cutting Edge Business, Audit & Technology Topics
14 Sessions by Notable Industry Experts
Thursday Night Networking Reception
Sponsor Exhibits and Raffles
http://www.isaca-sv.org

http://www.isaca-sv.org/ Enabling Trust: Business in the Cloud—ISACA SV Summer Conference 2012 2
Program Day One -Thursday, 23 August 2012
Time Event / Topic Speaker
8:00 AM Registration, Networking & Coffee,
8:45 AM Welcome Message from the ISACA SV President and
The ISACA SV Board
Sumit Kalra, Robin Basham
The ISACA Board
9:00 AM Keynote:
Session 1-1: Our Responsibility in the New Cloud Economy
Wolfgang Kandek
CTO - Qualys, Inc.
9:30 AM Session 1-2 : The Boundaries of Business When Your Business
is SaaS. How to Design Software Users Love
(Kevin Hale is the Founder of WuFoo, recently acquired by Sur-
vey Monkey.)
Kevin Hale
Sr Product Manager
SurveyMonkey
10:30 AM Session 1-3 : Building And Maintaining Trust In An Increasingly
Social And Mobile Environment
Bill Ender
Director, Consulting
Practice - EMC Consulting
11:30 AM Lunch and Networking - Enjoy time with Conference Sponsors
12:30 PM Session 1-4: Rethinking Web-Application architecture for the
Cloud
Arshad Noor
CTO - StrongAuth, Inc.
1:30 PM Session 1-5: Intelligent Operations, Leveraging Cloud &
Virtualization - Setting The Right Operational Targets
David Robbins
CIO - Ellie Mae, Inc.
2:30 PM Session 1-6: Business Risk Intelligence - Information Security
Management, Risk Management, and Industry
Compliance Initiatives - how do you keep it all straight
Gordon Shevlin
CEO - Allgress
Chris Armstrong,
CISO - Allgress
3:30 PM Break
3:45 PM Session 1-7: Executive Panel Discussion - Moderator: Eric Tan, PwC
Enterprise Systems - The Secret to Their Success
• Ahmed Datoo, CMO - Zenprise
• Douglas Barbin, Principal, BrightLine
• Douglas A. Brown, Sr. VP of Eng Operations, NetSuite, Inc.
• Doug Meier, Director Security & Compliance, Pandora
5:15 PM Sponsors Exhibit, Networking & Reception (until 7:30 PM)
Cloud Business Track- What Business has done to Enable our Trust

Program Day Two—Friday, 24 August 2012
Time Event / Topic Speaker
8:00 AM Networking & Coffee
8:30 AM Message from the ISACA SV President
Sumit Kalra, Robin Basham
The ISACA Board
8:45 AM Session 2-1: “Did you want controls with that?” Model for
IT Assurance as a Service – The Emergence of Controls in
Infrastructure as a Service SLA
Jeff Reich
CRO - Layered Tech
9:30 AM Session 2-2: Big Business Big Risk, How We Measure a
Secure Enterprise
Mike Pearl
Principal, Cloud Strategy
Practice, and Partner - PwC
10:30 AM Session 2-3: Building Enterprise Level Security into Public
Clouds
Kartik Trivedi
VP / Co-Founder at Symosis
Lenin Aboagye
Apollo Group, Inc.
11:30 AM Lunch and Networking - Enjoy time with Conference Sponsors
12:30 PM Session 2-4: Using COBIT 5 Process Assessment Model
(PAM), Followed by “Applying ISACA Guidance to
Understanding the Value of Our Data, Big Risk—Big Data”
Debra Mallette
ISACA SF Past President
Robin Basham
ISACA SV Conference Dir,
CEO, EnterpriseGRC Solutions Inc.
1:30 PM Session 2-5: Benefits and Potential Drawbacks to
implementing SAP as a Hosted Solution. How ERP Controls
are Same and Different when Serviced In the Cloud
Mark Richter
President
iStreet Solutions, LLC
2:30 PM Session 2-6: Closing the Gap Between Security and Com-
pliance
Fred Kost
Head of Product Marketing
Check Point Software
Technologies
3:30 PM Break
3:45 PM Session 2-7 Panel Discussion - Moderator: Sumit Kalra, Director at Burr Pilger Mayer
Trust Services in Cloud Based Business, Session Description
• Jay Swaminathan , Director SOAProjects
• Harshul Joshi, Director PwC
• Jeremy Sucharski, Dir Armanino McKenna, CFO Advisory Services Practice
• Brian K. Taylor, Sr. Dir of Compliance, Systems and Tools at NetSuite Inc.
5:15 PM Sponsor Raffles and Conference Closing Remarks
Auditing Track- How Cloud Affects Audit Methods to Ensure and Assess

Session 1-1 Description: Responsibility in the New Cloud Economy
Wolfgang is a frequent speaker at security events and forums including Black Hat, RSA Confer-
ence, InfoSecurity UK and The Open Group. Wolfgang is the main contributor to the Laws of
Vulnerabilities blog. When we asked who might speak to “Responsibility in the New Cloud
Economy” Wolfgang’s leadership at Qualys seemed the perfect fit.
Presenter: Wolfgang Kandek, CTO - Qualys
Wolfgang is responsible for product direction and all operational aspects of the
QualysGuard platform and its infrastructure.
Wolfgang has over 20 years of experience in developing and managing information systems.
His focus has been on Unix-based server architectures and application delivery through the
Internet. Prior to joining Qualys, Wolfgang was Director of Network Operations at the Online
Music streaming company myplay.com and at iSyndicate, an Internet media
syndication company. Earlier in his career, Wolfgang held a variety of technical positions at
EDS, MCI and IBM. Wolfgang earned master's and bachelor's degrees in computer science
from the Technical University of Darmstadt, Germany.
Visit: http://www.qualys.com
Session 1-2 Description: The Boundaries of Business When Your Business is SaaS– How to
Design Software Users Love
(Open your mind to business without walls.)
There's been a paradigm shift in business over the last 20 years. Users and customers want a
relationship. They want to fall in love. When it comes to software and the Internet, you don't
have the benefits and reminders of face to face interactions, so it's easy to forget how a little
love goes a long way.
This session shares the story of Wufoo and also look at how companies and their products
are wooing their users, keeping the romance alive and sustaining lasting relationships that
turn out to make for profitable returns.
Presenter: Kevin Hale, Senior Product Manager - SurveyMonkey
Kevin is the Co-founder of Infinity Box Inc, a Y Combinatory seeded company that built
Wufoo, an online form builder, ranked by Jakob Nielson as one of the best application UIs of
2008. After selling Wufoo to SurveyMonkey for 35 million dollars in 2011, Kevin is now Sen-
ior Product Manager responsible for safeguarding and enhancing the user experience of Sur-
veyMonkey's products.
The conference feedback forms have been supplied for free
by the brilliant engineers and generous founders of Wufoo.
Visit: http://www.wufoo.com

Session 1-3 Description: Building and Maintaining Trust in an Increasingly Social and Mo-
bile Environment: How do we protect information in a universe increasingly dominated by
services (Facebook, Google+, LinkedIn, etc.) and devices (smartphones, iPads, etc.) designed
to make information transparent and portable
Presenter: Bill Ender, Director, Consulting Practice – EMC Consulting.
Bill is EMC's GRC Evangelist. Prior to joining EMC, Bill was Senior VP of Corporate Information
Security for Wells Fargo Bank (2003-2010), where he led the creation, implementation an main-
tenance of the Information Security Management Program, policy, controls, regulatory compli-
ance, training and awareness, reporting and support for Line of Business executives and the
company‚ Atos 150+ Information Security Officer community. At Wells Fargo, he developed and
maintained strong relationships with key business leaders, Chief Risk Officers, Internal Audit,
Corporate Security, Technology Operations, vendors, service providers, and external industry
consortia and agencies. He also led the implementation of solutions for automated policy and
incident management, control testing, and reporting; promoted integration of Information Secu-
rity-specific tools into the Corporate Enterprise Risk Management Reporting Dashboard; and
championed a common process/architecture model for all Operational Risk Management disci-
plines.
Bill's professional career prior to joining Wells Fargo included roles as Chief Technology Officer
for a large, Arizona-based Managed IT Services and Application Hosting company; Cofounder
and Chief Technology Officer for an industry-leading software development and professional
services company in the areas of Identity and Access Management and Secure Web Portals;
and 12 years in various Information Technology Operations and Research & Development roles
with several divisions of Motorola, Inc., where he led multiple teams in the design and deploy-
ment of secure network infrastructure, business process automation, and communication and
collaboration tools to support a global community of employees, contractors, customers and
partners.
Session 1-4 Description: Rethinking Web-Application architecture for the Cloud
This session reveals how StrongAuth solves a common business requirement using defined
and unique web-application architecture - Regulatory Compliant Cloud Computing (RC3) -
which enables secure cloud-computing. The discussion aids the attendee in considering the
elements of architecture that would ensure strong security of sensitive data in the public
cloud, with emphasis toward a typical low cost budget. StrongAuth, CEO, shares the creation
and reasons for the RC3 architecture and how it is validated by customers for securing finan-
cial and healthcare data. Visit: http://www.strongauth.com
Presenter: Arshad Noor, CTO, StrongAuth Inc..
Known for his significant experience in enterprise-scale IT architecture, cryptography and
open-source software, Arshad Noor is the designer and lead-developer of StrongKey; the
industry's first open-source Symmetric Key Management System, and the StrongKey Lite En-
cryption System - the industry's first appliance combining encryption, tokenization,
key-management and a cryptographic hardware module. He is a many time author and
speaker at forums on the subject of encryption and key-management.

1-5 Session Description: Intelligent Operations, Leveraging Cloud & Virtualization Setting
Right Targets
Dave Robbins, Sr. Vice President and CIO at Ellie Mae, Inc. will share his thoughts on the chal-
lenges that both internal IT and public facing (SaaS) technology providers face today. He will
discuss some of the changing business needs and expectations that are pressing technology
service providers to new delivery models and a greater focus on supporting core business
strategies. Finally, Mr. Robbins will share the technology journey he has been driving at Ellie
Mae and some of the results and lessons learned along the way.
Presenter: David Robbins, CIO and Sr. VP of Ellie Mae, Inc.
Joining Ellie Mae in January 2012 from a role as Vice President of Global Infrastructure with
NetApp. David led North American infrastructure services strategy for Capgemini Outsourc-
ing. He is a 30-year veteran of the information technology industry, having been director of
engineering services at Totality Inc. and in various leadership roles during a 15-year tenure at
Electronic Data Systems.
Session 1-6 Description Business Risk Intelligence
With all the new regulatory focus on ensuring a comprehensive approaches to managing your
Information Security program, Risk Management, and industry compliance initiatives, how do
you keep it all straight. Your budgets are not expanding, your resources are constrained, and
your leadership is perplexed by the impact of these initiatives on their organization.
Co—Presenter: Gordon Shevlin, CEO of Allgress.
He brings more than 25 years of business leadership, technical development, sales,
marketing and management experience to the company.
He previously co-founded SiegeWorks and SiegeWorks International, a digital defense
services firm. There, he grew the company from 3 to 120 employees, building a strong inter-
national presence and managing its successful acquisition by FishNet Security, the na-
tion's leading provider of information security solutions that combine technology,
services, support and training. At FishNet, he served as executive vice president of sales.
Shevlin graduated from the University of Michigan.
Co-Presenter: Chris Armstrong, CISO.
He brings 18+ years of experience in information assurance and technology to Allgress. He
has a proven track record of influencing product development and strategy in response to the
demands of customers who manage information assurance, security and risk programs within
large-scale, complex, global environments. Over the course of his career, he has specialized
in information security strategy, architecture and operations; global threat management and
assurance; risk management; governance and regulatory/statutory compliance; and global
policy management and compliance. Prior to his role with Allgress, Armstrong served in simi-
lar leadership roles with Fortune 500 companies in the hospitality, high-tech, health care, and
financial sectors. He is a Certified Information Systems Security Professional (CISSP).

Session 1-7 Executive Panel
Moderator: Eric Tan, CISA, CGEIT, CPA, Director, PwC
Eric Tan, CISA, CGEIT and CPA. Eric is a Director at PwC with over twelve years of
experience delivering IT governance and risk management solutions. Eric currently leads PwC's
cloud and internet assurance practice based in Silicon Valley.
He serves as an internal audit and compliance advisor to various leading SaaS providers in the
bay area. His experience includes leading large scale system assessments, performing risk and
security reviews; business continuity & disaster recovery diagnostics, and helping his clients
implement various compliance and control solutions.
Eric focuses on clients in the technology sector. Clients he has served includes Google, eBay,
LinkedIn, Novell, Tibco, Shutterfly,and Proofpoint.
.
Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N).
In this role, Doug is responsible for Uptime, Performance, Security, and Compliance of the Net-
Suite Service. NetSuite Operations have achieved PCI-DSS, SAS-70, SOC1,
EU-SafeHarbor, SOX, and other compliances. He is additionally responsible for the teams
within NetSuite such as : Facilities, IT, Infrastructure, Release, Network, DBA, and Systems
Administration. Previously he has been responsible for the Quality Assurance and Internal
Audit Departments. Doug has worked for NetSuite for 11+ years. Prior to NetSuite, he worked
as a Research Chemist at Henkel Corporation. He holds a Bachelor of Arts in Chemistry from
Indiana University and a Masters in Science in Chemistry from the University of Detroit-Mercy
Panelist: Douglas Barbin, Principal, BrightLine, CPA Firm, PCI QSA, ISO 27001 Registrar.
Doug is a Principal at BrightLine, responsible for all attestation, compliance and certification
services for the western United States as well as the PCI and federal (FedRAMP) compliance
practices firm-wide. After starting his career with Price Waterhouse, he spent the majority of
the technology boom building and operating information security and compliance programs
for Fortune 500 enterprises and major technology providers. Doug was previously the director
of product management for VeriSign’s managed security services business prior its sale to
SecureWorks (now Dell). He was also the overall practice leader for VeriSign’s compliance
solutions. Doug is a licensed CPA, and maintains other certifications including CISSP, PCI QSA,
and certified fraud examiner (CFE). He was one of the first CSA Certificate of Cloud Security
Knowledge (CCSK) recipients where he is an active participant in the CSA’s Cloud Control
Matrix (CCM) and CloudAudit initiatives.
He has dual-degrees in Accounting and Administration of Justice from Penn State and an MBA
from Pepperdine.

Session 1-7 Executive Panel
Panelist: Doug Meier, Director, Security & Compliance at Pandora
Doug brings 20+ years experience designing and managing infrastructure, security, disaster
recovery, and compliance programs for Silicon Valley Internet companies.
Doug has designed corporate security programs, managed Exchange mail server migrations for
a globally distributed enterprise, architected and implemented regulatory compliance
programs and Disaster Recovery initiatives, and managed operations of enterprise-wide
IT services and knowledge systems.
Panelist: Ahmed Datoo, Chief Marketing Officer, Zenprise
Ahmed Datoo's experience in the technology industry spans strategic planning, brand
marketing, software engineering and product management. Prior to Zenprise, Mr. Datoo was
at EDS, where he was a global Director of Product Development. While at EDS, he built and
launched several workflow automation and monitoring automation modules that generated
multi-million dollar savings globally. Prior to EDS, Mr. Datoo was on Loudcloud's product
management team where he focused on monitoring, storage and performance networking
products. Previously, he was a brand manager at Yahoo! where he co-developed the print and
radio promotions for Yahoo! Shopping. Mr. Datoo began his career as a strategy consultant at
Accenture where he created high tech product development strategies for telecos, media
conglomerates and hardware manufacturers. Mr. Datoo holds an MBA, M.A., and B.A. from
Stanford University.

Session 2-1 Description: "Did You Want Controls With That?"
While companies attempt to achieve and maintain compliance in order to reduce or eliminate the regu-
latory, statutory or industry pain of non-compliance, no one likes to chase compliance for the sake of
being compliant. The complex compliance landscape has overlapping requirements, tools and practices
and some of these are even contradictory. Every time you have to focus some of your already limited
resources on navigating through the compliance jungle, you pull further and further away from effec-
tively utilizing those resources to drive your organization forward. Managed services and cloud services
have matured enough to allow you compartmentalize your compliance initiatives and leverage service
providers who are qualified to manage compliance needs on your behalf. Like any other outsourced ser-
vice, you should expect support and service levels to meet or exceed your expectations. The session will
not only focus on what to look for in a Service SLA, but it will also provide recommended best practices
for maximizing your relationship with your managed services provider so that you can refocus internal
resources on meeting overall business goals. Visit: http://www.layeredtech.com/
Presenter Jeff Reich, Chief Risk Officer, Layered Tech, ISSA Distinguished Fellow, CRISC,
CISSP and CHS-II
Responsible for driving the company’s security and compliance services and guiding customers’ risk miti-
gation efforts. With more than 30 years of experience, Reich is a well-known risk management and secu-
rity expert in the hosting market. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distin-
guished Fellow. His extensive background includes successful programs that have dealt with secu-
rity policies, information security, internal controls, physical security, liaison work with local and federal
law enforcement, regulatory and audit compliance, business continuity planning, abuse and policy en-
forcement management, and change control. Prior to joining Layered Tech, Reich was the chief security
officer for Rackspace Hosting, and he also held positions as vice president and chief security officer of
CheckFree and senior manager of information protection at Dell Inc.
2-2 Session Description: Looking At Cloud Strategy Through The Lens Of Value
Strategy – business imperatives, identify technical components of cloud computing in your organization
People – Anticipate a reassessment of talent needs; for example, IT will require architects with the ability
to leverage the new cloud capabilities.
Processes – Anticipate changes across the organization;
Technology – Be prepared to address internal challenges, such as data security and governance in the
cloud model, and shifting service models to the business.
Structure – Thoughtful consideration of the organizational impacts will smooth the transition to cloud
computing; for example, consider the impact that rapid and inexpensive provisioning of technology will
have on product development.
Presenter: Mike Pearl, Principal Cloud Strategy Practice and Partner with PwC.
Mike has extensive experience in helping organizations assess, design and implement strategies. Fo-
cusing on the improvement of business and technology process, internal controls and risk management
he is the lead technology Partner on some of PwC’s larger Technology clients and specializes in delivering
consulting services Software and Internet companies. His work includes helping organizations with their
process, technology and security issues related to Software Digital Distribution. Specifically he led a
web application architecture assessment project over an online software distribution application for a
global software company identifying Improvement opportunities related to the architecture and con-
trols over the development and operation of the application.

2-3 Session Description : Apollo Group's business vision includes delivering educational and related
business services throughout the world in various forms. One of the key solution is a SaaS based offer-
ing of educational platform. To execute on the business vision successfully we needed the following:
• Agile environment that enables Apollo to scale based on needs of the business
• Reduce time to bring new services online
• Improve the overall experience of the tenants
• Reduced risk to business
• Maintain compliance
• Global view
• Reduce the overall cost
Cloud’s value resides in on-demand resources, offering agility to bring new services on, elasticity to
scale up and down, an automated self-service model, and access to services from anyplace and any-
where in the network. The cloud approach optimizes use of resources to drive a cost-effective solution.
Cloud initiatives are critically important to Apollo in achieving the strategic goal of having a nimble IT
infrastructure and Education Platform with an solid security backbone. The IaaS cloud delivery model
that Apollo chose is a Hybrid Cloud with Amazon being the Public Cloud Vendor. The talk goes into how
enterprise-level security can be achieved in any Public cloud as well as non-traditional and customized
ways of addressing general security requirements within public clouds from Vulnerability Assessment,
Access Management, Key Management, Database Monitoring, IDS/IPS deployment, Application Secu-
rity, Database Security , Security Monitoring , Traditional/Virtual Patching etc. .We will also delve into
additional security requirements that are unique only to public cloud when it comes to addressing secu-
rity of Tenant data. Finally, the discussion will take a journey into the architectural, design, practical
implementation, selection process of CSPs, gaps and best practices found through building Apollo’s
Education Services on a Hybrid Platform (Public/Private)
Presenter: Kartik Trivedi, VP / Co-Founder at Symosis
Symosis, a high end mobile and application security advisory firm with more than a decade of experi-
ence in providing security risk assessment, quantification, remediation and compliance management
services to Fortune 500 companies. Kartik has performed several hundreds application security assess-
ments, code reviews, reverse engineering analysis, threat models, penetrations tests, network reviews
and incident responses. He was previously the director of application security at Accuvant, Security
Manager at McAfee, security consultant at Foundstone and software development engineer at Concept
Sol. He has contributed to many security books- hardening code, hacking exposed, how to break web
security and is a regular speaker at several conferences including RSA conference, WebAppSec, OWASP
and ToorCon. Kartik has MBA and MS degrees and CISM, CISA, CISSP certifications
Co-Presenter: Lenin Aboagye, Principal Security Architect at Apollo Group.
Responsible for overseeing all security pertaining to Apollo's Education Platform and Applications. He
is a seasoned Information Security professional with over 10 years of experience in different roles in
the security field. A sought after speaker on Cloud, Mobile and Application Security topics. His experi-
ence in security has led him to hold different roles from security analyst, penetration tester, security
engineer and security architect roles in several high-profile organizations in Media & Television, Educa-
tion, Health, Real Estate and Energy industries. He worked as a Security consultant for Accuvant, Inc.
and was also a Senior Security Consultant with Verisign's Global Group. Contributing member of the
CSA Security- As- A-Service (SecAAS) working group and is an active participant in several other Infor-
mation Security related interests. Lenin holds a BA, and graduated top of his class with a double major
in Computer Science and Math.

Session 2-4 Description: Using COBIT 5 Process Assessment Model (PAM) and Cloud Audit
Methodology: ISACA Guidance to our Every Day activities to Assess company Services that
Extend to the Cloud This is an introduction to the newly updated ISO/IEC 15504 compliant,
COBIT 5 Process Assessment Model (PAM). This model is the basis for the assessment of an
enterprise’s IT processes against COBIT 5. The assessment model is useful for identifying the
enterprise’ current state, setting targets for desired improvement, and recognizing progress
in implementing the processes that support and enable excellence in strategic alignment,
value delivery, risk management and resource management. Use of the COBIT 5.0 Process
Assessment Model gives and evidence and standards based assessment of process capability.
Presenter: ISACA SF President Debra Mallette CGEIT®, CISA®, CSSBB (ASQ Certified Six
Sigma Black Belt), and Managed Change™ Master, is an early adopter of COBIT for imple-
menting IT Governance. Having used the COBIT 3 Maturity Model, written ISACA/ITGI’s SEI
CMM to COBIT 4.0 and SEI CMMI to COBIT 4.1 mapping papers, and serving on the COBIT 5.
Development Group, she was asked to serve as an expert reviewer for the COBIT 4.1 and
COBIT 5 Process Assessment Method (PAM). She has previously been a certified SEI CMMI
assessor and ISO TickIT qualified. Debra has been working with quality management systems,
systems of internal control, process performance measurement, monitoring, and
improvement programs throughout most of her career. She is an ISACA certified instructor
for Implementing and Continuously Improving IT Governance, V3.0, as well as Introduction to
COBIT 5. Past President of ISACA San Francisco Chapter, for her day job, she’s an ITIL Service
Management Process Consultant Specialist in Kaiser Permanente’s 5000 person-strong IT
organization serving the largest and original Health Maintenance Organization in the United
States.
Session 2-4 Description—Part Two Big Risk, Big Data, showing the issues in assigning govern-
ance, risk and compliance steps to projects using "Big Data" technologies. This presentation
is an interactive discussion that is likely to spill into conversations throughout the remainder
of the day. To preview the points, view more at http://www.enterprisegrc.com/
IMA_ValofData/
Presenter: ISACA SV Conference Director, Robin Basham, M.ED, M.IT, CISA, CGEIT, CRISC,
ACC, CRP, VRP, and HISP, Managing Partner, EnterpriseGRC Solutions Inc.® Over the last
decade Robin has architect more than 70 GRC programs, delivering end to end solutions with
full knowledge transfer to program owners and users. Robin is also past president for the
Association for Certified Green Technology Auditors, ACGTA, a frequent committee contribu-
tor to the ISACA Silicon Valley Chapter and liaison to the ITSMF SV chapter, as well as fre-
quent participant in Cloud Security Alliance local chapter. EnterpriseGRC Solutions is recently
added to the Cloud Credential Council and is named to the certification committee of The
Holistic Information Security Practitioner Institute (HISPI). EnterpriseGRC Solutions® is an
active sponsor to Information Systems Audit and Control Association, ISACA®, listed as
corporate sponsor and many time CobiT® trainer for the ITGI.

2-5 Session Description: Similarities, Benefits and Potential Drawbacks to implementing SAP
as a Hosted Solution - This session examines several common audit programs as outlined IS-
ACA's Security Audit and Control Features for SAP ECC 6.0 guidance and as recommended in
general ERP compliance practice. Visit http://www.istreetsolutions.com/
Presenter: Mark Richter, President, iStreet Solutions, LLC.
Mark Richter has over 30 years’ experience helping companies improve profits and uncover
additional economic value by applying enterprise best practices and the latest in information
technology solutions. His vision is transformative and critical to creating the iStreet Services
Platform as he blends cloud and virtualization technologies, with the security considerations
demanded of dedicated platforms. His career began at Hewlett-Packard where he held
various technology and leadership positions, moved to VoIP startup Appiant Technologies
and then Ragingwire Enterprise Solutions.
Before founding iStreet Solutions in 2004 he served as business application hosting
Infrastructure Practice Director at Rapidigm, now a part of Fujitsu Consulting. Mark holds an
MBA and Bachelor of Science degree in engineering.
Session 2-6 Closing the Gap Between Security and Compliance
New technologies and the way we work are challenging the traditional controls put in place
for security. How we deploy security to maintain control and visibility has to change to keep
up. Check Point’s approach using multi-layered security can provide the necessary controls
and provide the visibility to confidently embrace these new technologies and ways of working
Presenter: Fred Kost, Head of Product Marketing at Check Point Software Technologies
Fred brings a wealth of marketing and security experience and a passion for security. Prior to
joining Check Point, Fred was director of security marketing for Cisco where he led marketing
for the portfolio of security products and solutions. He has extensive network security
experience spanning both established industry leaders and early stage ventures. Fred has
held technology marketing and development positions with Recourse Technologies,
Symantec, nCircle and Blue Lane Technologies. He earned a Bachelor of Science in Electrical
Engineering from Purdue University and an MBA from the University of North Carolina.

Session 2-7 Panel Discussion
Session 2-7 Description: Trust Services in Cloud Based Business, Session Descrip-
tion: Companies depending on SOC 1, SOC 2 and SOC 3 need to be clear in the extent of expo-
sure analysis and more transparent in what they commit to external reporting. This panel in-
cludes Directors in Information Audit who have specific experience in assisting public and pri-
vate companies in selecting and achieving external reporting requirements. The session will
consider where the current standards need improvement and how new frameworks from
AICPA and ISACA can assist in filling gaps.
Moderator: Sumit Kalra, CISA, CISSP, is a Director at Burr Pilger Mayer, where he manages
the Assurance Services practice specializing in information technology, SAS70 Audits, and
assessments. His 12 years of industry experience include 6 years at international CPA firms,
and 6 years at companies in the technology, consumer products and financial services
industries. His knowledge base spans a variety of ERP solutions and complex infrastructure
implementations. Sumit has a BS in Accounting and Computer Information Systems from San
Francisco State University.
Panelist: Harshul Joshi, CISSP, CISA, CISM, Director PwC. As a Director in the security practice
with primary areas of focus in IT security and compliance based risk assessments, Harshul's
expertise includes Threat and Vulnerability modeling and security architecture. He has worked
with various compliance standards including: PCI (Payment Card Industry), Sarbanes Oxley
404, GLBA (Gramm Leach Bliley Act), PCI (Payment Card Industry) and SAS 70. Harshul has
worked in Fortune 100 companies assisting with IT compliance, audit and security initiatives
and is an internationally known speaker. Some of the sample topics he speaks on include PCI,
Wireless Security, Auditing Firewalls and Intrusion Detection, Risks of IT Outsourcing and
Offshoring and Performing IT Risk assessment from a Business stand-point. He has spoken at
various conferences in Singapore, India and in United States. He is a regular speaker at ISACA
North American Conference as well as Network Security Conference. Harshul is a Certified
Information Systems Security Professional (CISSP), Certified Information Systems Auditor
(CISA) and Certified Information Security Manager (CISM). Harshul has an MBA in International
Business and a MS in Information Systems. Prior to joining PwC, Harshul was a Director of
Technology consulting for CBIZ MHM LLC, where he headed the security practice creating and
delivering risk assessment services. He also spearheaded IT security and compliance at Sony
Corporate audit group performing compliance and audit assessments for Sony Electronics,
Sony Music and Sony Pictures. Prior to joining Sony, Harshul was a Security Architect with
Verizon / GTE.

Panelist: Jeremy Sucharski, CISA, CRISC is a Director in Armanino McKenna’s CFO Advisory
Services Practice.
Jeremy is the Governance, Risk and Compliance practice leader. Jeremy has over 12 years of
experience in audit and consulting with a strong focus on SOX, SOC audits and information
security consulting. Jeremy currently leads the Governance Risk and Compliance (GRC) and
SOC audit practices at Armanino McKenna. Prior to joining AMLLP, Jeremy worked in the
Deloitte ERS practice focusing in IT Internal Audit. Prior to Deloitte, Jeremy spent several years
with the Federal Government in various finance and IT-related positions. Throughout his ca-
reer, Jeremy has focused on assisting clients in designing processes and controls that strike the
proper balance between the need to protect a company while not being unduly onerous and
restricting their ability to innovate. Jeremy has served clients in a variety of industries including
transportation, high technology and consumer products.
Panelist: Jay Swaminathan, CISA, CPA, CRISC, Director SOAProjects, provides Internal Audit
and IT risk consultation to his clients. Jay has more than 10 years of experience in varied
industries. In his current role at SOAProjects, he specializes in implementing optimization and
process improvements for his clients in compliance and other areas. His expertise includes in
depth knowledge of Oracle EBS, related tools and methodologies to evaluate the ERP system.
Prior to SOAProjects, Jay was with the Risk Advisory Services in Ernst & Young.
Jay was responsible for managing and executing review of IT systems as part of financial and
Sarbanes-Oxley 404 audits of major corporations like Seagate, Spansion, and Copart. Jay was
an Oracle Subject Matter Resource (SMR) at Ernst & Young practice and instructed various
Oracle training sessions. Jay is the recent past President of the ISACA Silicon Valley chapter and
successfully lead the 830-member organization, steering goals and objectives and in collabora-
tion with a team of board members, executes programs for the benefit of the members. He
instructs the CISA review courses and is a regular speaker at different conferences. Jay is an
undergraduate in Management from Bangalore University.
Panelist: Douglas A. Brown, Sr. VP of Engineering Operations at NetSuite Inc. (NYSE: N).
Brian K. Taylor, CISA, is the SR Director of Compliance, Systems and Tools at NetSuite Inc.
(NYSE: N). In this role, Brian is responsible for IT Compliance in such areas as SOC 1/2, SOX
ITGC, EU Safe Harbor, and PCI DSS. Brian established and grew NetSuite’s IT Compliance
practice, leading the teams that first successfully implemented and achieved SAS 70 and PCI
DSS, as well as growing and managing the SOX/Internal Audit team. Before taking on his
current responsibilities, he worked on the NetSuite Product Management team, managing
customization, scripting, administration, and integration products. He is additionally responsi-
ble for the team within NetSuite that runs the company on the NetSuite OneWorld product, as
well as an engineering release team. Brian has worked for NetSuite for 12 years, has 10 years
experience in IT compliance, and more than 20 years experience in Information Technology.
Prior to NetSuite, he worked as a Compliance and Design Engineer at Lucent Technologies.
He is a Certified Information Systems Auditor (CISA) and holds a Bachelor of Arts and Science
in English and Computer Science from UC Davis and a Masters in Science in Chemistry from
the University of Detroit-Mercy

Platinum Sponsors
Silver Sponsors

ISACA Silicon Valley has been providing IT Audit, Security, and Governance Profes-
sionals with the training and networking opportunities they need to compete and
thrive since 1982. We are continuing this tradition at our 2012 Summer Conference,
where we offer our attendees are a range of industry leaders, speaking to their wis-
dom and experience in Enabling Trust through Business in the Cloud. Don’t miss our
upcoming Winter Conference, offering two full day courses that move beyond the-
ory to emphasize practical skills you can utilize at work or to improve your market-
ability.
The Conference Committee has worked hard to provide a cost effective, value
driven, high quality educational and networking experience. We tailor our events for
ISACA members as well as Bay area professionals in governance and compliance
fields. We hope we have succeeded. As always, you input is greatly appreciated,
and we strongly encourage you to fill-out the Evaluation Forms at the end of each
day. You are also welcome to seek us out with any comments or suggestions you
might have to help us continually improve.
Yours Sincerely, The ISACA SV Summer Conference Commit-
tee
2012 Summer Conference Committee
Robin Basham, Conference Director Please learn more about the key roles played
Sumit Kalra, Chapter President by our volunteers. Read their bios on page 17.
Mike Jordan, Chapter Vice President Brendan Lewis - Coordinator
Ruchi Verma, Secretary Bala Krishnan - Liaison
Robert Ikeoka, Treasurer Pratul Kant - Liaison
Greg Edwards, Membership Director Prasad Sanjeevaiah - Liaison
Pat Kumar, Communications Director Sivakumar Natesan - Liaison, Web Support
Dharshan Shanthamurthy, Certifica-
tion Director
Monica Pope— Design, flyer
Naimish Anarkat, Programs Director Marlin Pohlman - Liaison
Larry Halme,
Academic Relations Director
Mohammed Saifuddi - Marketing
Jay Swaminathan, Past President Catherine Skrbina - Registration
Committee Members

Meet the volunteers, ISACA SV Summer Conference Committee
Members of the ISACA Silicon Valley Board of Directors put substantial personal efforts to supporting the
activities of Summer and Winter Conference. Attendees can learn more about our Board by visiting our
website Meet Our Board
Brendan
Lewis
Communication Coordinator, Brendan Lewis has more than 15 years of experience across IT disciplines
and currently serves in IT Governance at KLA-Tencor. He recently passed his CGEIT exam.
Bala
Krishnan
Volunteer Coordinator, Bala is a Senior Management Consultant with over 10 years experience focusing
on ERP business processes and information risk advisory services for global organizations with expertise
in the areas of IT Audit, Compliance, Controls, Data Privacy and SAP Security design/optimization. He
holds two leading certifications of Certified Information Systems Auditor (CISA) and Certified Informa-
tion Privacy Professional (CIPP/IT) and is a former Big 4 Consultant.
Pratul
Kant
Liaison, Pratul is a Senior IT Infrastructure and Information Security professional with over 18 years of
experience focusing on Enterprise IT systems, IT infrastructure (including Virtualization, Cloud and SaaS
based solutions), Information Security and IT production operations. He holds a degree in Electrical En-
gineering (B.Sc. Engineering), a master’s degree in Information Systems (MSIS) and an industry standard
information security certification (Certified Information Security Manager or CISM) from ISACA.
Monica Pope Flyer support and graphic artist, Monica Pope – SharePoint Administrator and IT Compliance Specialist
at DDi. Monica Pope – SharePoint Administrator and IT Compliance Specialist at DDi. 6 years experi-
ence with SharePoint Administration. During this time as the Intranet Project Manager for DDi I con-
solidated the company’s Intranet using the SharePoint Platform. In the last 8 years, as a member of
the IT Security Group and in the role of SOX control owner of the IT Change Management, I coordinated
the IT Control Board; developed, updated and communicated IT Policies and Procedures for DDi.
Marlin
Pohlman
Liaison, Chief Technology Officer at Haliphron, uniting Cloud Service Level Agreements to metrics pro-
vided by major vendors, Marlin Pohlman is the former Chief Governance Officer of EMC. In this role he
coordinated the activities of standards based IT governance with EMC, its Security Division RSA and its
holdings in VMWare and Acadia. Dr. Pohlman represents ISACA in ISO SC27 JTC1 and is the co-editor for
the 27017 Cloud Security Standard as well as a contributor and shareholder in the CAMM project. He is
a licensed engineer and holds the CSA CCSK certification the ISC2 CISSP certification as well as the ISACA
CISM, CISA, CGEIT, CRISC certifications, is also a paralegal.
Mohammed
Saifuddi
Liaison, Mohammed graduated from Texas A&M University and as has been Working as a Solutions
Architect at Questivity-a Data Center and IT Infrastructure Solutions provider. He is also involved in IS
Audits and aligning processes following ITILv3 best practices for Questivity customers. He is ITIL and
COBIT trained.
We also wish to acknowledge people who showed up to man the registration table and to assist with physical demands
in supporting the exhibition, with mention to Catherine Skrbina and Prasad Sanjeevaiah .
For support on the website banner, Thank you, Sivakumar Natesan

Venue Information and a note regarding Academic Relations
The 2012 Summer Conference will
be held at:
Biltmore Hotel & Suites
2151 Laurelwood Road
Santa Clara, CA 95054
(408) 988-8411
Free Parking
ISACA Supports Academic Research
Academic research is the foundation of many of the breakthroughs and new theories supporting the
IT assurance, information security and IT governance professional space. ISACA is pleased to sup-
port academic research projects by posting these descriptions of peer-reviewed research projects
underway. You are encouraged to participate in those you find of special interest or pertinence.
ISACA Silicon Valley maintains a relationship with San Jose State University.
To learn more contact the Academic Relations Director
A special thank you is in order to the companies
that volunteered sponsorship for local university
students. In addition to their generous conference
support, these companies also hosted student
attendance for this and future ISACA SV training
events.

2012 Summer Conference Brochure

More Related Content

What's hot

Similar to 2012 Summer Conference Brochure

More from EnterpriseGRC Solutions, Inc.

2012 Summer Conference Brochure