October 9-10, 2018 | The Westin Tyson's Corner | Washington, DC

2017 Complete Conference Program

Build Your Own Program From Five Days of Content

Pre-Conference Workshops (Day 1)

Two-Day Conference/Four Tracks (Day 2-3)

Post-Conference Training (Day 4-5)

The week starts with intensive half-day pre-conference workshops (Day 1, Mon) to bring you up to speed on terms, concepts and strategies for certified ISMS.

The Certified InfoSec Conference will be presented in plenary sessions and four tracks (Day 2 & 3, Tue & Wed). The opening Plenary Sessions (Day 2, Tue) will present keynote speakers and an industry overview. The Enterprise Compliance track (Day 2, Tue) will cover issues related to ISMS implementation within the organization. The Organizational Resilience and Cyberdefense track (Day 2, Tue) will cover issues related to business continuity and intrusion response. The Cloud Compliance track (Day 3, Wed) will cover special issues related to security and privacy for cloud organizations. The Cross-Compliance track (Day 3, Wed) will cover issues related to the efficient management of multiple certified security frameworks. Hospitality events, including breaks, lunches, and an industry reception, give you the opportunity to network with colleagues and speakers. The conference ends with a summary panel discussion of industry leaders focused on a topic chosen by conference participants.

Post-Conference Training/Exam Sessions (Day 4 & 5, Thu & Fri) allow you to achieve a valuable professional certification.

The Complete Conference Schedule

Day 1
09 Oct 2018
Day 2
10 Oct 2018

Opening Plenary Keynote Presentation (P10b)

Description to come
Matt Goodrich

Cybersecurity Risk and Compliance: Past, Present and Future (P10c)

As an Information Security pioneer for more than 35 years, and the author of the original text behind ISO/IEC 27000, David has a unique perspective on the Cybersecurity landscape and...
David Lacey

Cloud Compliance Keynote: Security & Compliance: A Driving Force Behind Moving to the Cloud (C11a)

With greater resiliency, elasticity, visibility, automation, and the availability of emerging technologies such as artificial intelligence and machine learning, security professionals can exceed their highest security and compliance objectives with...
Michael South

How Do I Get Started With FedRAMP? (C11b)

Many organizations have solutions that can meet a variety of federal IT needs. However, due to either having no prior federal experience or minimal experience in providing on-prem solutions they...
Martin Rieger
Kris Martel

Compliance Overview – The Options and What They Mean (E11b)

The compliance landscape can be overwhelming when dealing with customers (as well as internal management and sales personnel). A compliance team may have to address some of the following questions:...
Scott Zelko
Ryan Mackie

Assessment and Compliance for the Cloud (C11c)

Over the past five years, “Cloud Computing” has revolutionized how organizations do computing. It has driven a transformation from enterprise datacenters filled with servers to enterprise applications hosted in mega-facilities...
Chris Williams
Siobhan Moran

ISO27001 and SOC 2 Compliance – The Easy Way (E11c)

This presentation will focus on the ways to implement ISO27001 in conjunction with an ISAE3402/SOC 2 in such a way as to minimize the overhead and cost of doing so....
Chris Hall

Taking Compliance to the Cloud (Tools and Techniques Using ISO Standards) (C12a)

To certify cloud applications, organizations have to change. Traditional data center audits (PCI, HIPAA, FISMA, ISO 27001) are challenged by the risks, management and security boundaries presented by moving commercial...
Tim Weil

Managing an ISO 27001 Certification Program in the Age of Acquisitions (E12a)

The cloud and IT services intra-industry competition has propelled the interest, adoption, and obtainment of various security certifications, to include ISO 27001, and the age of acquisitions in the never-ending...
Shane York

Enterprise Compliance Panel Discussion: Certification Pitfalls and Lessons Learned (E12b)

Our panel of experts from industry and government provide case studies on the challenges they have encountered in gaining ISO 27001 certifications. Audience members will benefit from hearing about the...
Willibert Fabritius

Considering a Dramatically Different Paradigm to Ensure Security; How the Dynamic and Abstracted Infrastructure can be More Secure than Ever (C12b)

Cloud security, and by extension compliance, are challenged by an ever-evolving threat landscape. The dynamics are constantly in flux and it can be a never-ending, unwinnable battle. What if we...
Robert Ames

Beyond Asset-Based Risk (E13a)

Enterprise Security Standards of today typically prescribe the creation of “asset-based” risk assessments to protect their enterprise information. Today’s multi-vector threat landscape requires us to think of risk in a...
Bradi Van Noy Hays
Ron Chandler

Cloud Compliance Panel Discussion: Should There be a Standard International Reference Architecture to Make Cloud Compliance Easier? (C13b)

Cloud compliance is a relatively new endeavor, and, as such, policy-makers are still working toward identifying consistent and broad-reaching standards for implementation and security. Join our panelists as they discuss...
Martin Rieger

GDPR: Beyond the Talk, Let’s Get to Execution (E13c)

GDPR is climbing to the top of enterprise priorities, but much of the buzz fails to capture even a fraction of the technical challenges ahead. For example, GDPR does not...
Michael Powell

Introducing ISO/IEC 27552 Privacy Information Management System (D20b)

ISO/IEC 27552, better known as PIMS in the standards development community, is a privacy extension to ISMS. It is designed as a certification standard to enable demonstration of privacy policy/regulatory compliance...
Alex Li

ISO 27000 Certification Helping Organizations in GDPR Compliance (R20b)

The information security management system as defined by ISO 27000 lays the foundation for data privacy. The Annex controls of the ISO 27000 standard provide the basic controls to build a secured...
Sanjay Basu
Neelov Kar

Data Protection: Security In The Cyber Environment (D20c)

Cyber security and data protection are not about the adversary. The same techniques that protect against credit card scammers will protect against political information hackers. While the actors matter, ultimately,...
Henry Sienkiewicz

The ISO 27000 Ecosystem (R20c)

While ISO 27000 and ISO 27001 are the most recognized standards, there are many other standards in the ecosystem, and this presentation will provide an introduction to these other standards.
Willibert Fabritius

Minimizing the Impact of Data Breaches in Dev and Test Databases (D21a)

According to Gartner, more than 80% of companies use sensitive data for non-production in development environments for more reliable testing. For the hacker, non-production environments are a tempting target as...
Steve Jones

Optimizing Compliance Management using Regulatory Libraries and Mappings: A Perspective on Data Security and Privacy Compliance (R21a)

Managing regulatory and compliance risk is a constant challenge for organizations subject to data security and privacy regulations/standards. The current pace of regulatory change is extremely high, which poses added...
Steve Crutchley
Brian Alexander

Adapting GDPR Requirements to Meet NIST 800-53 Rev. 5 (D21b)

GDPR is the latest compliance requirement going into effect (as of May 2018) that will be a game-changer for all businesses harvesting or interacting with data originating in the European...
Tim Lowman

Cross Compliance Panel Discussion: Best Practices in Managing Multiple Certifications (R21b)

Companies both large and small must contend with multiple standards and certifications. Our panelists discuss best practices they have developed in managing the different, and sometimes conflicting, requirements posed by...

Digital Data in the Age of “The Breach” (D21c)

In the age of digital data our society has taken a rather laissez-faire attitude toward personal information. We think nothing of providing our Social Security number to credit bureaus and...
Kelly Kuchta

Data Privacy: GDPR and Beyond (D22a)

Almost six months have passed since the GDPR came into force. What have been some of the biggest challenges leading up to GDPR but also during its first half year?...
Christoph Luykx

Blockchain and GDPR – How do you forget what cannot be forgotten? (R22a)

GDPR has an inherent “right of erasure”, or the right to be forgotten. A person has the right to request that their data be removed from processing, storage, or use....
Joshua Marpet
Scott Lyons

A Frankensteinian Approach to an Information Security Management System: Implementing ISO 27001 with the CIS CSC (R22b)

The CIS CSC controls are designed to prevent breaches, but there is no current means to be audited as compliant with this standard and prove that it was implemented effectively....
Walter Williams

Data Privacy Panel Discussion: Data Privacy Compliance Issues Worldwide (D22b)

Data privacy presents different challenges to different industry verticals. Government, financial services, insurance, health care, and Internet of Things manufacturers all have issues specific to their own implementations. Join our...