Viewing 0 current events matching “ISACA” by Date.

Sort By: Date Event Name, Location , Default
No events were found.

Viewing 8 past events matching “ISACA” by Date.

Sort By: Date Event Name, Location , Default
Wednesday
Feb 8, 2012
SIM Monthly Meeting
Embassy Suites Portland--Downtown

Presentation by Robert Strictland of Stickland Consulting LLC., on the realities of Mobility and its use as the optimal distribution endpoint for Big Data.

Explore why mobility solutions are challenged by interrelated decisions that cross applications development, infrastructure, security, and risk management. Gain a perspective on why mobility is an Enterprise issue and as IT leaders we need to focus on creating blueprints, business driven policies, and BYOD programs that help build high value mobile Enterprises.

Website
Wednesday
Nov 8, 2017
2017 ISACA SALEM Cyber Security Symposium
Chemeketa Center for Business and Industry in Salem, OR

Collection of timely and relevant presentations to address Cyber Security Trends

8 CPE, 4 Sessions

Session 1: Complex Adaptive Systems: How real life interactions translate into loosely coupled systems design Presenter: Michael Adsitt, VP at Duff & Phelps

Session 2: Security Panel: Building and Navigating a Career in Information Security, Privacy and Compliance disciplines Presenters: Jayashree Srinivasan, Oregon Dept. of Revenue; Jeremy Lyon, ODS; Madeline Zamoyski, New Relic; Paul Speed, Columbia Sportswear

Session 3: GDPR Compliance: Preparing an Approach Presenter: Madeline Zamoyski, Product & Privacy Attorney, New Relic

Session 4: DOX’ing Yourself: How Hackers Find Personal Information about You Presenter: Paul Speed, Information Security Engineer, Columbia Sportswear

PRICING: Earlybird: Through 10/27/17 ISACA Members: $75 Non-Members: $125

After: 10/27/17 ISACA Members: $100 Non-Members: $150

Website
November 2017 ISACA Luncheon - Security Containerization
KPMG

ISACA Luncheon Event: Security Container Adoption in Enterprise Environments

Across the world, organizations are using containerization technologies such as Docker and Kubernetes as a security boundary without a strong understanding of the underlying design. These technologies are often misconfigured, which can provide attackers with a means to gain a foothold within an organization, elevate privileges, or spread laterally throughout a modern enterprise network. During this presentation, we will analyze common use cases for a containerization environment and demonstrate tools these technologies provide to protect the host from an attacker within the container. We will discuss in detail the common threats facing these environments, as well as technical and administrative controls to detect and protect against attacks on containerization infrastructure.

Speaker: Lucas Rosvar, NCC Group Lucas Rosevear has been a Security Consultant at NCC Group since September, 2015, working from NCC's Seattle, WA office. Through projects at NCC Group, Lucas has performed a range of testing, including: - Network Penetration Testing - Web Application Penetration Testing - Blackbox and Config-assisted Container Reviews - AWS Config Reviews

Prior to NCC Group, Lucas became an OSCP and a member of the Phi Theta Kappa Honor Society.

Cost: ISACA Members: $25.00 Guests and Non-Members: $30.00

We expect this event to sell out. Attendance will be limited to the first 70 registrations. Do not delay, and register today!

Website
Thursday
Feb 8
ISACA Luncheon Event: "Building and Sustaining a Threat Intelligence program"
KPMG

Speaker: Chris Nolke, CISO, Portland General Electric (PGE)

Chris is an experienced information security leader with experience building and operating threat intelligence programs at Nike and more recently at SureID prior to joining Portland General in October.

With a passion for engineering and sports cars, Chris will share his lessons and perspectives on building and operating threat intelligence programs that are engineered for success without having to worry about changing the oil frequently.

Website
Wednesday
Apr 18
Incident Response and Vulnerability Management Seminar
Oregon Department of Fish & Wildlife

Join ISACA and the Salem IIA on April 18, 2018 as we present an in-depth seminar on Incident Response and Vulnerability Management

4 CPE

Two industry practitioners, Russ McRee from Microsoft and Ousàma Lakhdar-Ghazal from Umqua Bank, will be sharing their experiences and best practices for prevention, detection and responding to critical incidents, as well as discussing managing vulnerabilities.

Russ McRee is the principal security group program manager of the Blue Team for Microsoft’s Windows & Devices Group. He writes toolsmith, a monthly column for information security practitioners, and has written for other publications including Information Security, (IN)SECURE, SysAdmin, and Linux Magazine. Russ has spoken at events such as DEFCON, Derby Con, BlueHat, Black Hat, SANSFIRE, RSA, and is a SANS Internet Storm Center handler. He serves as a joint forces operator and planner on behalf of Washington Military Department’s cyber and emergency management missions. Russ advocates for a holistic approach to the practice of information assurance as represented by holisticinfosec.org.

Ousama Lakhdar-Ghazal is currently the technology risk officer for Umpqua Bank, managing risk and coordinating risk coverage for technology. Prior to joining Umpqua, Ousama was a compliance manager for Nike Inc., and prior to that a manager at Deloitte in their Cyber Risk Services group.

Pricing: $45 members (ISACA or IIA) $55 non-members and guests

Details: Afternoon Refreshments will be provided. Parking: Free Parking at the venue. No pass required.

Website
Thursday
May 10
ISACA Luncheon - "Executing a Security Strategy for a High Transaction Digital Environment
KPMG

May 10, 2018 ISACA Luncheon - "Executing a Security Strategy for a High Transaction Digital Environment: Lessons from the Trenches"

Speaker: LJ Johnson, NIKE Information Security Sr. Director (Retired)

With a career spanning more than three decades, LJ Johnson is a well known security industry leader within the local Portland community. For the past 20 years, LJ has held several roles within NIKE’s Information Security organization as well as holding leadership positions in Business Operations, Organizational Change Management, and Global Supply Change Management. LJ’s more recent experience was building an Information Security Program for NIKE’s digital commerce organization.

Having a holistic background in both business operations and technology delivery provided LJ with the credibility and experience to create an information security service designed for high transaction activities and emerging technologies. Come listen to LJ as she shares lessons from the trenches in building an adaptable and sustainable information security program from a digital commerce perspective.

Website
SANS Community Event
Portland City Grill

Join SANS Instructors Brian Ventura and Derek Hill for an evening of conversation regarding Secure configurations - Built-in Security Enhancements and the benefit of the CISSP certification from a hiring manager perspective.

TOPICS 1. In the information security news, we regularly hear about the latest vulnerabilities with recommendations to scramble and patch immediately. This is an important aspect of our industry, however there are other security considerations. Are there configurations we can set now in our systems and software that will protect us? Let's explore secure configurations and see what we find.

  1. The Hiring Manager is looking at your resume – why does CISSP matter? While the CISSP is not the only thing we look at, it is a great starting point. What knowledge does the CISSP provide and how does one prepare for the exam?

Who is Brian Ventura: Brian Ventura is an Information Security Architect by day and SANS instructor by night. Brian volunteers with the Portland ISSA and OWASP chapters, focusing on educational opportunities. For SANS, he regularly teaches CyberDefense courses like the CIS Controls, Risk Management, and Security Essentials. Brian has a Security Essentials (SEC401) course in Portland, June 18-23. Come join in the learning experience!

Who is Derek Hill? Derek Hill has over 25 years of experience in IT and Information Security. He currently manages an Application Security Team, an Infrastructure Security Team (Blue Team) and a Data Privacy Engineering team at HP Inc. in Vancouver, WA. His teams are responsible for ensuring that HP’s internally developed applications are secure as well as the AWS infrastructure that is hosting these applications. Prior to his current position, Derek held IT management and technical roles at both large and small companies. In each role, he has focused on delivering excellent services, uptime and security for all the projects/staff he managed.

Derek holds an MBA from Willamette University and an undergraduate degree in Management Information Systems from Oregon State University. He has various security credentials including a CISSP and multiple GIAC certifications.

DATE: Thursday, May 10, 2018

Registration: 6:30 PM

Presentation: 7 :00 PM - 8:30 PM

RSVP by sending a confirmation email to Shelley Wark-Martyn @ [email protected]

Appetizers and drinks will be served.

We look forward to having you join us.

Website
Monday
May 21
2018 Spring Training: IT Security and Audit Symposium
through Clackamas Community College - Wilsonville

Spring Training

Day 1:

1) Keynote: Blockchain: More that Cryptocurrency: Michael Reed (Intel)

Presentation on the origin of blockchain technologies and its evolution to a key technology in pursuit of increased efficiencies and new business models. Is your enterprise ready for blockchain?

2) Micro Segmentation and Cloud-A blueprint for protecting your golden egg: Tyler Hardison (RedHawk Security) (EVENT SPONSOR)

3) Benefiting from PCI – Even if Compliance is Not Required: Bowe Hoy (Sword&Shield) and Mike Griffin (Circle K Stores, Inc.)

The Payment Card Industry Data Security Standard (PCI DSS) can be beneficial to your organization, even if compliance to it is not a requirement. PCI DSS features a number of valuable guidelines to help your organization improve its security posture, technology auditing, and business operations. This session will help you understand the key components of PCI DSS and how your organization can benefit from implementing it. You will receive practical lessons through case studies about organizations that have successfully implemented PCI DSS. Whether these organizations were required to comply with PCI DSS, or chose to adopt it – they became a better organization because of it. And you can learn how to do the same for your organization.

4) Certificate Security and Frameworks for a Public CA: Derek Thomas and Scott Perry

As the ubiquity of on-line shopping continues to amplify our digital environment, ensuring a trusted on-line transaction becomes critical to building the brand loyalty and experience once relished within the physical brick and mortar retailer. The ability to ensure a trusted and secure transaction is not new, however the scrutiny placed on that trust is at an all time high with significant changes in the issuing community and the scrutiny ensuing from the browser community for secure and reliable trusted certificates.

In this presentation, Scott Perry, Partner and Derek Thomas, Managing Director, of Scott Perry CPA, one of six licensed CPA firms performing Certificate Authority audits, will discuss the changing landscape of on-line transactional trust and the requirements of Certificate Authorities. The presentation will include a discussion and overview of an established but less known framework for evaluating and auditing the performance of Certificate Authority practices and considerations applied to evaluating the security of your on-line transactions.

Day 2: 5 Sessions: Various Presenters

5) Current Economics of Cyber: David Hobbs: Radware

Often we discuss the changing threat landscape from a pure technical or vulnerability picture, however this does an injustice to element of ease, cost and access to attacks. This presentation will provide attendees with an up-to-date picture of the rapidly changing landscape of attack tools and services, the buying criteria and locations for these the tools and ease of use. In addition, the presentation will provide an understanding of how the combination of the proliferation of these tools and their corresponding use has dramatically changed the dynamics of the return on defense strategies. This presentation will provide unique insight into the world of the Darknet, specific customer attack stories, new economic models of measuring security deployments and a refreshed look at how controls should be deployed going forward.

6) Cyber War Chronicles - Stories From the Virtual Trenches (ERT Report 2017): David Hobbs: Radware

From information shared by over 1250 companies on their top concerns, we talk about what happened in 2017 and predict the top trends of 2018 in cyber security. The first half of 2017 saw a continuation of some cyber-security threats, as well as the emergence of some attack types and trends. Ransom attacks, political hacks, and new dynamics around the accessibility and capability of attack tools have added even more challenges to security. This session will explore some of the latest evolutions of the threat landscape, through a combination of market intelligence, real-world case studies, and direct insights from those on the front lines of cyber-security.

7) OWASP Updated Top10: Alex Ivkin (ISACA Board)

 A detailed technical review of the OWASP top 10.

8) The Value of Cyber Certifications: Alex Ivkin (ISACA Board)

9) Fraud Audit in a Digital Environment: Sarah Dalton: E&Y

CPE: 14 CPE

Cost:

Regular Pricing: On or After 4/20/18:

ISACA or IIA Member: $185

Non-Member: $225

We hope to see you there!

Website