May 6, 2025 | The Hotel UMD, College Park, Maryland

CISC18 Conference Agenda

Tuesday, October 9

08:00 - 09:00 Registration

09:00 – 11:00 Opening Plenary Session

09:10 Cybersecurity Risk and Compliance: Past, Present and Future (P10b) David Lacey, Managing Director, David Lacey Consulting Ltd

09:45 Security & Compliance: A Driving Force Behind Moving to the Cloud (P10c) Michael South, Principal Business Development, Amazon

10:20 Compliance Overview–The Options and What They Mean (P10d) Ryan Mackie, Principal, ISO Practice Director, Schellman & Company; Scott Zelko, Principal, Schellman & Company

11:00 - 11:45 Networking Break in Exhibits

11:45 – 12:45 Conference Sessions

Enterprise Compliance Track

11:45 ISO 27000, What’s in It For Me (E11a) James Goldstein, Regional Manager/Chief Assessor U.S., IMSM

12:15 ISO 27001 as a Foundation for a Common Controls Framework (E11b) Daryouche Behboudi, Managing Director, CohnReznick Advisory

Cloud Compliance Track

11:45 How Do I Get Started with FedRAMP? (C11a) Martin Rieger, Vice President, Cyber Security Services, Emagine IT; Kris Martel, Chief Information Security Officer, Emagine IT

12:15 Assessment and Compliance for the Cloud (C11b) Chris Williams, Chief Cybersecurity Architect, Leidos; Siobhan Moran, Cyber Architect, Principal Consultant, Leidos

12:45 – 13:45 Lunch in Exhibit Area

13:45 – 15:15 Conference Sessions

Enterprise Compliance Track

13:45 Managing an ISO 27001 Certification Program in the Age of Acquisitions (E12a) Shane York, Senior Security Compliance Manager, Salesforce

14:15 [60MIN] Enterprise Compliance Panel Discussion: Certification Pitfalls and Lessons Learned (E12b) Moderator: Willy Fabritius, Senior Manager – Global Accounts, BSI Panelists: John Linkous, Founder and CEO, InterPoint Group; Heather Reis, VP, Operations and Consulting, ITG; VP, Neil Witek, VP, Security Governance AIM Specialty Health

Cloud Compliance Track

13:45 Taking Compliance to the Cloud (Tools and Techniques Using ISO Standards) (C12a) Tim Weil, Network Project Manager, Alcohol Monitoring Systems

14:15 Considering a Dramatically Different Paradigm to Ensure Security; How the Dynamic and Abstracted Infrastructure can be More Secure Than Ever (C12b) Robert Ames, Senior Director, National Technology Strategy, VMware; Ranil Dassanayaka, Sr. Director, Architecture & Engineering Government, Education and Healthcare, VMware

14:45 Ensuring Security, Trust and Assurance via CSA STAR (C12c) Anil Karmel, President, Cloud Security Alliance-DC Chapter, CEO, C2 Labs

15:15 – 15:45 Networking Break in Exhibits

15:45 – 17:15 Conference Sessions

Enterprise Compliance Track

15:45 Beyond Asset-Based Risk (E13a) Andrea Hill, Security Assessments and Strategy Security Consultant, Revolutionary Security; Angela Osborne, Regional Director, Security & Technology Consulting Practice, Guidepost Solutions

16:15 What Third Party Risk Means To Your Enterprise Compliance (E13b) Tom Garrubba, Sr. Director/CISO, Santa Fe Group

16:45 GDPR: Beyond the Talk, Let’s Get To Execution (E13c) Michael Powell, Solutions Consultant, ZL Technologies

Cloud Compliance Track

15:45 [60MIN] Cloud Compliance Panel Discussion: Should There be a Standard International Reference Architecture to Make Cloud Compliance Easier? (C13a) Moderator: Martin Rieger, Vice President, Cyber Security Services, Emagine IT; Panelist:  Mark Houpt, Chief Information Security Officer, Databank; Anthony Valentine, Senior Program Manager, Information Security Risk & Compliance, LInkedIn; Anil Karmel, President, Cloud Security Alliance-DC Chapter, CEO, C2 Labs

16:45 The Importance of Identity Governance and Administration (IGA) in Compliance Frameworks (C13c) Frank Briguglio, Public Sector Identity Governance Strategist, SailPoint

17:15 – 18:45 Welcome Reception in Exhibits

18:45 – 21:15 Dine-Around DC

Wednesday, October 10

08:00 – 09:00 Coffee in Exhibits

9:00 - 9:30 Plenary Session

9:00 Privacy by Design (D20a) Jonathan Cantor, DHS Deputy Chief Privacy Officer,  Department of Homeland Security

9:30 – 9:45 Networking Break in Exhibits

09:45 – 10:45 Conference Sessions

Data Privacy Track

Cross-Compliance Track

9:45 ISO 27000 Certification Helping Organizations in GDPR Compliance (R20b) Sanjay Basu, Lead Auditor, Oracle Corp; Neelov Kar, Lead Auditor, PM Game

10:15 The ISO 27000 Ecosystem (R20c) Willy Fabritius, Senior Manager – Global Accounts, BSI 

10:45 – 11:00 Networking Break in Exhibits

11:00 – 12:30 Conference Sessions

Data Privacy Track

Cross-Compliance Track

11:00 Optimizing Compliance Management Using Regulatory Libraries and Mappings: A Perspective on Data Security and Privacy Compliance (R21a) Steve Crutchley, Owner, C2C Smartcompliance; Brian Alexander, Chief Legal Officer, C2C Smartcompliance

11:30 Cross Compliance on a Budget—Strategies for Addressing Multiple Regulatory Frameworks Without Breaking the Bank (R21b) Ed Moyle, General Manager and Chief Content Officer, Prelude Institute

12:00 Security and Compliance Certification—The Hype, Hope & Harsh Reality (R21c) John Sapp, Director, IT Security & Controls—Global CISO, Orthofix

12:30 – 13:30 Lunch in Exhibit Area

13:30 – 14:30 Conference Sessions

Data Privacy Track

13:30 Blockchain and GDPR – How Do You Forget What Cannot Be Forgotten? (D22a) Joshua Marpet,COO/Founder, Red Lion; Scott Lyons, CEO/Founder, Red Lion

14:00 Presentation TBA (D22b) 

 

Cross-Compliance Track

14:30 – 15:00 Networking Break in Exhibits

Exhibits close at 15:00

15:00 – 16:00 Summary Panel Discussion

Current Frameworks vs. the Threat of Future Technologies (P23) Panelists will look at the recognized frameworks and consider implications related to future technologies such as A.I., BlockChain, IoT. How will consulting and advisory services respond and what revised standards are required? The panel will look at integrating the audit regimes, utilizing cloud, and strategies for success. Moderator: Willy Fabritius, Senior Manager – Global Accounts, BSI Panelists: Tim Lowman, COO, EmeSec; Kimberly Lucy, Sr. Privacy Program Manager, Microsoft; Ryan Mackie, Principal, ISO Practice Director, Schellman & Company; Joe Warren, Global Product Line Manager, Thales