October 9-10, 2018 | The Westin Tyson's Corner | Washington, DC

Conference Agenda

Tuesday, October 9

08:00 - 09:00 Registration

09:00 – 10:30 Plenary Keynote Session

Opening Plenary Keynote Presentation (P10b) Matt Goodrich, FedRAMP Director, GSA

Matt Goodrich launched FedRAMP, the first mandatory government policy for the security authorization and use of cloud computing.

Cybersecurity Risk and Compliance: Past, Present and Future (P10c) David Lacey, Managing Director, David Lacey Consulting Ltd

David Lacey is an internationally respected security and technology thought-leader, and the original author of the British Security Standard BS7799.

10:30 - 11:15 Networking Break in Exhibits

11:15 – 12:45 Conference Sessions

Enterprise Compliance Track

11:15 Enterprise Compliance Track Keynote (E11a) Richard Beacham, ISO Standards Specialist Consultant, IMSM

11:45 Compliance Overview–The Options and What They Mean (E11b) Ryan Mackie, Principal, ISO Practice Director, Schellman & Company; Scott Zelko, Principal, Schellman & Company

12:15 ISO 27001 as a Foundation for a Common Controls Framework (E11c) Daryouche Behboudi, Managing Director, CohnReznick Advisory

Cloud Compliance Track

11:15 Security & Compliance: A Driving Force Behind Moving to the Cloud (C11a) Michael South, Principal Business Development, Amazon

11:45 How Do I Get Started with FedRAMP? (C11b) Martin Rieger, Vice President, Cyber Security Services, Emagine IT; Kris Martel, Chief Information Security Officer, Emagine IT

12:15 Assessment and Compliance for the Cloud (C11c) Chris Williams, Chief Cybersecurity Architect, Leidos; Siobhan Moran, Cyber Architect, Principal Consultant, Leidos

12:45 – 13:45 Lunch in Exhibit Area

13:45 – 15:15 Conference Sessions

Enterprise Compliance Track

13:45 Managing an ISO 27001 Certification Program in the Age of Acquisitions (E12a) Shane York, Senior Security Compliance Manager, Salesforce

14:15 [60MIN] Enterprise Compliance Panel Discussion: Certification Pitfalls and Lessons Learned (E12b) Moderator: Willy Fabritius, Senior Manager – Global Accounts, BSI; Panelists: John Linkous, Founder and CEO, InterPoint Group; Heather Reis, VP, Operations and Consulting, ITG; Neil Witek, VP, Security Governance, AIM Specialty Health

Cloud Compliance Track

13:45 Taking Compliance to the Cloud (Tools and Techniques Using ISO Standards) (C12a) Tim Weil, Network Project Manager, Alcohol Monitoring Systems

14:15 Considering a Dramatically Different Paradigm to Ensure Security; How the Dynamic and Abstracted Infrastructure can be More Secure Than Ever (C12b) Robert Ames, Senior Director, National Technology Strategy, VMware; Ranil Dassanayaka, Sr. Director, Architecture & Engineering Government, Education and Healthcare, VMware

14:45 Ensuring Security, Trust and Assurance via CSA STAR (C12c) Anil Karmel, President, Cloud Security Alliance-DC Chapter, CEO, C2 Labs

15:15 – 15:45 Networking Break in Exhibits

15:45 – 17:15 Conference Sessions

Enterprise Compliance Track

15:45 Beyond Asset-Based Risk (E13a) Andrea Hill, Security Assessments and Strategy Security Consultant, Revolutionary Security; Angela Osborne, Regional Director, Security & Technology Consulting Practice, Guidepost Solutions

16:15 What Third Party Risk Means To Your Enterprise Compliance (E13b) Tom Garrubba, Sr. Director/CISO, Santa Fe Group

16:45 GDPR: Beyond the Talk, Let’s Get To Execution (E13c) Michael Powell, Solutions Consultant, ZL Technologies

Cloud Compliance Track

15:45 Cloud Compliance Presentation TBA (C13a) Marianne Meagher, Director, Federal Civilian Agencies, Veeam Software

16:15 [60MIN] Cloud Compliance Panel Discussion: Should There be a Standard International Reference Architecture to Make Cloud Compliance Easier? (C13b) Moderator: Martin Rieger, Vice President, Cyber Security Services, Emagine IT; Panelists: Mark Houpt, Chief Information Security Officer, Databank; Anthony Valentine, Sr. Compliance Program Manager, LinkedIn; Anil Karmel, President, Cloud Security Alliance-DC Chapter, CEO, C2 Labs

17:15 – 18:45 Welcome Reception in Exhibits

18:45 – 21:15 Dine-Around DC

Wednesday, October 10

08:00 – 09:00 Coffee in Exhibits

09:00 – 10:30 Conference Sessions

Data Privacy Track

9:00 Data Privacy Track Keynote (D20a) Jonathan Cantor, Acting Chief Privacy Officer and Chief Freedom of Information Act (FOIA) Officer, Department of Homeland Security

9:30 Data Protection: Security In The Cyber Environment (D20b) Henry Sienkiewicz, Secure Channels

10:00 Introducing ISO/IEC 27552 Privacy Information Management System (D20c) Alex Li, Principal Standards Analyst, Microsoft

Cross-Compliance Track

9:00 Cross-Compliance Track Keynote Presentation: The Road to Compliance Starts with You (R20a) Erika Voss, Head of Information Security, Risk, and Compliance, Zillow Group

9:30 ISO 27000 Certification Helping Organizations in GDPR Compliance (R20b) Sanjay Basu, Lead Auditor, Oracle Corp; Neelov Kar, Lead Auditor, PM Game

10:00 The ISO 27000 Ecosystem (R20c) Willy Fabritius, Senior Manager – Global Accounts, BSI 

10:30 – 11:00 Networking Break in Exhibits

11:00 – 12:30 Conference Sessions

Data Privacy Track

Cross-Compliance Track

11:00 Optimizing Compliance Management Using Regulatory Libraries and Mappings: A Perspective on Data Security and Privacy Compliance (R21a) Steve Crutchley, Owner, C2C Smartcompliance; Brian Alexander, Chief Legal Officer, C2C Smartcompliance

11:30 Cross Compliance on a Budget—Strategies for Addressing Multiple Regulatory Frameworks Without Breaking the Bank (R21b) Ed Moyle, General Manager and Chief Content Officer, Prelude Institute

12:00 Security and Compliance Certification—The Hype, Hope & Harsh Reality (R21c) John Sapp, Director, IT Security & Controls—Global CISO, Orthofix

12:30 – 13:30 Lunch in Exhibit Area

13:30 – 14:30 Conference Sessions

Data Privacy Track

13:30 Data privacy: GDPR and Beyond (D22a) Christoph Luykx, Chief Privacy Strategist, Senior Director, Global Government Relations, CA Technologies

14:00 Blockchain and GDPR – How Do You Forget What Cannot Be Forgotten? (D22b) Joshua Marpet, COO/Founder, Red Lion; Scott Lyons, CEO/Founder, Red Lion

Cross-Compliance Track

14:30 – 15:00 Networking Break in Exhibits

Exhibits close at 15:00

15:00 – 16:00 Summary Panel Discussion

Current Frameworks vs. the Threat of Future Technologies (P23) Panelists will look at the recognized frameworks and consider implications related to future technologies such as A.I., blockchain and IoT. How will consulting and advisory services respond, and what revised standards are required? The panel will look at integrating the audit regimes, utilizing cloud, and strategies for success. Moderator: Willy Fabritius, Senior Manager – Global Accounts, BSI; Panelists: Alex Li, Principal Standards Analyst, Microsoft; Tim Lowman, COO, EmeSec