(ISC)2 East Bay Chapter Fall Conference, "Charge the Holidays: Security in Online Retail"

Security in Online Retail, SaaS Architecture from Dystopia to Utopia - November 16^th, 2017 - (ISC)2 East Bay Fall Conference

Venue: Castlewood Country Club, Pleasanton Directions
This one-day security track includes 11 speakers and six guided product demonstration events offering 10 CPE for full attendance. (ISC)2 Chapter events facilitate lively discussion and opportunities to extend the presenter wisdom to our real needs in keeping Bay Area companies both competitive and safe. Please learn more at https://isc2-eastbay-chapter.org, LinkedIn, Facebook
(This 1-day event counts towards 10 hours of Continuing Professional Education or 10 CPEs.)
Theme - Security in Online Retail - Regulations in the face of Technology Disruption Breaking & Entering: IoT and Security PCI DSS 3.2 and the Designated Entities Supplemental Validation Criteria and New Responsibility to Report on Failures Why We need Solutions for the Hybrid Cloud and How to Map Threat Mitigation to Cloud Based Infrastructure PCI DSS 3.2 and the Designated Entities Supplemental Validation Criteria and New Responsibility to Report on Failures Why We need Solutions for the Hybrid Cloud and How to Map Threat Mitigation to Cloud Based Infrastructure Why We need Solutions for the Hybrid Cloud and How to Map Threat Mitigation to Cloud Based Infrastructure Privacy Consumer Driven Privacy, Give Me Back My Data Cloud Security and Privacy - What's at stake in Global Online Retail How might technology influence or change what we chose to remain private IAM, Vulnerability, Incident, Change, Cloud Security, DevOps, and CloudOps Hands-On Perspectives: Deploying FIDO-Based Modern Authentication Solutions How To Develop a Security Strategy: Problems and Solutions in a World Not Yet Defined - Security in an Interconnected World Secure DevOps; Not an Oxymoron Continuous Monitoring using Security Architecture PCI, HITRUST, FedRamp/NIST, SOC 2, or ISO 27002 ISMS implemented controls - Incident, Vulnerability, and Change 8:00 AM - 8:40 AM Registration to 5:45 PM Closing Remarks and Raffle 5:30 - 6:30 PM Speaker Reception Please make sure to bring a government issued photo id (Driver License or CA ID card etc.) to gain access to the conference room.		Pricing: (ISC)2 is happy to accept member ID from its partner professional organizations: ISACA, ISSA, ISC² Early Bird Member* $105 Early Bird Non-Member* $120 Student $45 Registration after November 1st Member or Affiliate Member $130 Non-Member $145 Sorry no more student passes If you are experiencing hardship and wish to attend, please have proof of (ISC)2 membership or ISACA membership and reach out to This email address is being protected from spambots. You need JavaScript enabled to view it. – Jing Zhang-Lee This email address is being protected from spambots. You need JavaScript enabled to view it. – Robin Basham

1.1 9:00 AM- 9:30 AM		Meet Helen Cho
“Online Retail" Beyond Disruption, Managing Risk in the Digital World Helen Cho, Program Manager, Global Third Party Risk, VISA	Responsible for minimizing risk of loss and adverse reputational damage associated with cardholder data compromises by ensuring compliance with PCI DSS and driving Visa's data security strategy across the payment ecosystem, Helen Cho is a dynamic, result-oriented professional with 12+ years of regulatory and policy making experience and a recognized ability to lead successful, complex compliance and risk management projects. Champion for driving business goals in a fast-paced VISA environment, we invite Helen to share strategy in PCI DSS risk management. We can't ask for a more informed choice in leading our conference than the wisdom that is found at VISA.
1-1 Session Description: This presentation will discuss the way consumers discover, shop and buy products and services and how these experiences are dramatically redefined as online commerce continues to expand. In the increasingly digital economy and culture of convenience, where does security fit in? This session will cover managing risk in today’s payment landscape. About VISA – Visa Inc. is a global payments technology company that connects consumers, businesses, financial institutions, and governments in more than 200 countries and territories to fast, secure and reliable electronic payments. We operate one of the world’s most advanced processing networks — VisaNet — that is capable of handling more than 65,000 transaction messages a second, with fraud protection for consumers and assured payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa’s innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, pay ahead with prepaid or pay later with credit products. For more information, visit usa.visa.com/about-visa, visacorporate.tumblr.com, and Visaeurope.com
1.2 9:45 AM - 10:15 AM		Meet Abbie Barbir
Hands-On Perspectives: Deploying FIDO-Based Modern Authentication - The door to secure commerce Abbie Barbir, Senior Security Advisor, AETNA, Executive Council, FIDO Alliance	Senior Security Advisor, AIS Security Innovation, Aetna: Abbie Barbir serves as a Senior Security Advisor in the areas of identity management, mobile devices, and authentication at Aetna Global Information Security. Barbir has extensive experience in identity and access management. He has worked with many standard organizations on developing next generation authentication technologies. Currently, he represents Aetna on the FIDO Board of Directors. Barbir holds a Ph.D. in computer engineering from Louisiana State University. In his more than 25 years in the software and security industry, he has been a Professor of Computer Science, an Application Developer, Data Compression and Encryption Inventor, Systems Architect, Security Architect, Engineering Manager, Consultant, Author and Inventor of numerous security algorithms and articles.
1-2 Session Description: Emerging modern authentication solutions such as FIDO eliminate the reliance on passwords with stronger authentication based on devices used by people on daily basis. The talk will go over Next Generation Authentication efforts at Aetna and discuss lessons learned from current deployment and how to better benefit from FIDO-compliant solutions. About Aetna and Fido Alliance: About Aetna: Here at Aetna, we are building a healthier world by making healthcare easy, affordable and all about you. Follow our LinkedIn page for company news, industry commentary, jobs and more. Founded in 1853 in Hartford, CT, Aetna is one of the nation's leading diversified health care benefits companies, serving an estimated 46.7 million people with information and resources to help them make better decisions about their healthcare.About Fido Alliance: The FIDO (Fast IDentity Online) Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plugins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security. About Fido Alliance: The FIDO (Fast IDentity Online) Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plugins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security.
1.3 10:20 AM - 10:55 AM		Meet Laura Anthony
How to Effectively Manage Compliance for Multiple Global Assessments in a Fortune 500 Enterprise Laura Anthony, Vice President, Technology Compliance at Salesforce	Laura Anthony leads a career focused on Technology Compliance. Starting in U.S. government compliance at KPMG, her role at Salesforce has expanded to oversee a cross-functional Technology Compliance team, responsible for ensuring that Salesforce meets its external technical compliance obligations globally across products. The team's responsibilities span multiple certifications, industries, and geographies and developing a scalable compliance approach is required. Laura’s specific focus on compliance for cloud computing and enabling enterprise adoption of cloud computing will be the focus of her greatly anticipated talk regarding the management of multiple compliance requirements in a global, cloud based, enterprise SaaS company.
1-3 Session Description: In today's global economy, compliance certifications and regulations are growing by the day and compliance certifications are imperative for demonstrating trust to customers. So how do you meet your global customers' compliance needs? You need a recipe for managing audits and assessments effectively and at scale. More About: About Salesforce: Salesforce is the Customer Success Platform. Our social and mobile cloud technologies—including our flagship sales and CRM applications—help companies connect with customers, partners, and employees in entirely new ways. For those who venture in search of content that thrills, inspires, and informs: interactive.salesforce.com/discover-content-collection http://www.salesforce.com
1- 4 11:00 AM - 11:30 AM	Featuring IT Transformation and Security Architecture	Meet Nick Yoo
Cybersecurity Roadmap: Security Architecture for the Retail Sector Nick Yoo, Chief Security Officer at BMC Software	Nick H. Yoo, Chief Security Officer at BMC Software, worked as Chief Security Architect for a global healthcare IT company responsible for the enterprise security architecture and key cyber security initiatives such as identity and access management, cloud security and application security. Previously, Yoo was VP of IT Engineering at Samsung SDS, responsible for software engineering standards, methodology and frameworks to enhance developers’ productivity and software security. Yoo also worked at global consulting companies such as Ernst & Young, CSC, and EDS, and has over 25 years of IT experience. Yoo is an active member of professional organizational groups such as Bay Area APT Response, ISSA, ISACA, and OWASP. He holds numerous professional certifications including CISM and CISSP and has a BBA and master in cyber security.
1- 4 Session Description: Using NIST cybersecurity framework, BMC manages a global security architecture and roadmap addressing security gaps by architecture domain across common security capability. This session will discuss the architecture framework, capability matrix, the architecture development methodology and key deliverables. About BMC: BMC is a global leader in software solutions that help IT transform traditional businesses into digital enterprises for the ultimate competitive advantage. Our Digital Enterprise Management set of IT solutions is designed to make digital business fast, seamless, and optimized. From mainframe to mobile to the cloud and beyond, we pair high-speed digital innovation with robust IT industrialization—allowing our customers to provide intuitive user experiences with optimized performance, cost, compliance, and productivity. BMC solutions serve more than 10,000 customers worldwide including 82 percent of the Fortune 500.
1-5 11:30 AM to 12:00 PM		Meet Bob Gilbert
Clarity in the Cloud Age Bob Gilbert, Chief Evangelist, Netskope	Chief Evangelist and VP Product Marketing, Netskope, Bob heads up the product marketing and evangelism efforts at Netskope, the leading cloud access security broker (CASB). Bob is also a prolific speaker and product demonstrator, reaching live audiences in more than 45 countries over the past decade. His career spans more than 20 years in Silicon Valley where he has held product management and marketing leadership roles at various technology companies. Most recently he was the Chief Evangelist at Riverbed where he was a member of the pioneering team that launched Riverbed from a small start-up of less than 10 employees to a market leader with more than 2,800 employees and $1B in annual revenue.
1- 4 Session Description: A balanced and real-world view of the risks and rewards of a cloud-first data strategy. Understand regulatory compliance requirements (GLBA, HIPAA, PCI, GDPR) that apply when enterprises adopt cloud-based services like Office 365, Box or Slack, as well as unsanctioned “shadow IT” risks. Learn how leading companies in Retail, Healthcare and Financial Services have realized competitive advantages with their cloud-first IT strategies while securing sensitive data from unauthorized access and protecting their users against new cloud-borne threats. About Netskope: Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope — security evolved.
1-5 1:00 to 1:30		Meet Bill Harmer
Change is Simply an Act of Survival: Predicting the future while shackled to the past Bill Harmer, Chief Cloud Strategist, Zscaler	Bil has been in the IT industry for 30 years. He has been at the forefront of the Internet since 1995 and his work in security began in 1998. He has led security for startups, Government and well established Financial Institutions. In 2007 he pioneered the use of the SAS70 coupled with ISO to create a trusted security audit methodology used by the SaaS industry until the introduction of the SOC2. He has presented on Security and Privacy in Canada, Europe and the US at conferences such as RSA, ISSA, GrrCon and the Cloud Security Alliance. He has been interviewed by and has written for various publications such as Dark Reading, Data Informed, SecureWorld and Security Intelligence. His vision and technical abilities have been used on advisory boards for Adallom, Trust Science, ShieldX, Resolve and Integris. He has served as Chief Security Office for GoodData, VP Security & Global Privacy Officer for the Cloud Division of SAP and now serves as a Strategist for Zscaler where he runs the Office of the CISO for the Americas. https://www.linkedin.com/company/234625/
1-5 Session Description: This presentation will briefly review the history and development of the corporate network, its interaction with the Internet and how the adoption of SaaS and PaaS based solutions have rendered the network irrelevant from a security perspective. We will explore recent developments in malware, trends in targets and attack methodologies using case studies. Finally, we will then consider one possible future and explore how laying the ground work now will provide a more secure base to work from while improving usability for the Netizens while reigning in costs. About Zscaler: Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world. Its flagship services, Zscaler Internet Access, and Zscaler Private Access create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. Used in more than 185 countries, Zscaler operates the world’s largest cloud security platform, protecting thousands of enterprises and government agencies from cyber attacks and data loss. Zscaler
1- 6 1:30 to 2:00		Meet Sean Cordero
How to use PCI to neutralize our greatest online retail cybersecurity threats Senior Executive Director, Optiv, Sean Cordero	Sean's entire career has been one of acting as a continuous change agent, leveraging cutting-edge IT security solutions that protect critical data and support unprecedented growth. He's successfully transformed the information security systems of Fortune 100 companies and innovative cybersecurity organizations while minimizing operational expenses, improving enterprise processes, strengthening relationships, and building world-class teams. Improving Information Security PRACTICES: He drives successful, business-aligned information security programs through transformative ideas and innovations. For renowned thought leadership and exceptional client engagement, he's won MVP Award for Executive Advisory consecutively- 2016 and 2017. EXCEEDING EXPECTATIONS OF FORTUNE 100 CLIENTS: Known for dramatically improving system security and generating buzz for products/offerings, with an incredible track record of delivering services to Fortune 100 companies and innovative cybersecurity firms. SOLVING PROBLEMS WHILE SAVING MONEY Proactive in identifying and preventing emerging cybersecurity threats and vulnerabilities, he continually finds new ways to reduce expenses. While improving physical/information security, Sean slashed operating expenses (OPEX) 25% for managed services in just 1 year by renegotiating vendor agreements.
1-6 Session Description: How can we use PCI to neutralize the greatest cybersecurity threats? This topic includes: PCI Compliance Challenges Running an Effective Vulnerability Management Program Designated Entities Supplemental Validation Criteria and New Responsibility to Report on Failures About Optiv: Strategy with dimension. Optiv is the strategic consulting arm of The Healthy Thinking Group, Australia’s largest and most experienced healthcare communication groups. We are healthcare strategy specialists with specific skills tailored to life sciences. We’ve solved strategic problems and improved business outcomes for clients in the pharmaceutical, biotech, agriculture, and animal health industries. As part of the Healthy Thinking Group, we’ve worked on many projects across the Asia Pacific region and beyond. We’re curious about anything that improves the health of humans, animals, plants or our environment. We understand that challenges in healthcare can be complex and multifaceted. That’s why we have a considered approach to strategy that helps us explore all angles to uncover new possibilities. Our depth of expertise spans a variety of commercial functions. We not only collaborate directly with our clients on their business needs, we also partner with our Healthy Thinking Group colleagues to create strategic platforms for advertising, digital and medical education campaigns. Our team is united by a passion to deliver tailored, insights driven recommendations across our three pillars - Business, Brands, and People.
1- 7 2:00 to 2:30	Security Engineering	Meet Jim Saliba
Agile and Audits Do Co-exist Jim Saliba, President at Saliba Consulting Group, Agile Coach at CISCO	Business Transformation Architect, Enterprise Agile Coach, and Strategist, Jim is a Senior Executive with a rare balance of management consulting, information technology, and operations across rapid expansion, turnarounds and M&As. Jim offers Business Transformation leadership; architecting business process transformations strategy through execution with a holistic view of Business Agility giving organizations the competitive edge in a world of rapid internal and/or external environments without losing momentum or vision. My strengths include leveraging a full spectrum of Lean product and Agile methodologies at all levels of the organization to achieve business outcomes. People choose to work with Jim because he's effective in helping their organizations build high performance, innovative cultures and teams particularly in medium to large companies in technology, financial services, and transportation industries. Currently providing service to CISCO, Jim is well known for his years with PwC as their Chief Agility Architect and Director, Global Innovations Software Labs. The Global Innovation Software Labs (GISL) organization will accelerate this transformation, by bringing together Agility in incubation, development and launch functions that can jump-start new ideas and rapidly bring them to market. It enables PwC to quickly develop new, game changing business models and complete commercial software offerings that provide unique value to our clients and differentiate PwC in the market This email address is being protected from spambots. You need JavaScript enabled to view it.
1-7 Session Description: “We are running on Agile, so there is nothing to audit” is a refrain auditor hear all too often when Many organizations today feel the pressure to move fast, release often and stay open to change while having the requirement to comply with mandatory regulations. As development teams adopt agile practices Auditors hear too often “We are running on Agile, so there is nothing to audit”, while regulatory agencies seem to prefer documentation over working software, templates over discussions and governance over adaptiveness. Yes, these two worlds can co-exist! Jim will show you how to make agile audits work. With more than 25 years developing enterprise products and coaching Agile businesses Jim will show you the Agile processes and artifacts that pass audits.
1- 8 2:30 to 3:00		Meet Aarij Khan and his guest
Next Gen Security Management Aarij Khan, V.P. of Marketing, Securonix, and mystery guest	Aarij Khan joins Securonix as VP of Marketing, bringing a deep understanding of the security market and buyer combined with over 15 years of marketing leadership at high growth, innovative security vendors.Previously, Aarij led marketing efforts at RiskIQ where he was responsible for product marketing, analyst and public relations strategy, channel marketing, field marketing, and growth. Before that, he led product and solution marketing at Tenable Network Security and ThreatMetrix. Earlier, Aarij spent over 4 years at ArcSight/HP where he was instrumental in the rapid adoption of ArcSight SIEM products, and ArcSight’s recognition as a leader in the Gartner Magic Quadrant for SIEM for 4 years in a row.Aarij holds a Bachelor of Science in computer engineering from Cornell University, a Master of Science in Economics from the Catholic University of Leuven (Belgium), and a Master of Business Administration from Cornell’s Johnson Graduate School of Management. http://www.securonix.com
1-8 Session Description: Next Gen Security Management presents a customer case study describing their challenges with their security management program, and how they addressed several limitations of point security tools through the use of an integrated security risk management program. About Securonix: Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track users, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally customers are using Securonix to address the most basic and complex needs around insider threat detection and monitoring, high privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and open data model. http://www.securonix.com
1- 9 3:00-3:30		Meet Robin Basham
How to make our Vendors help us Moderator: Robin Basham, CEO EnterpriseGRC	CEO CISO EnterpriseGRC Solutions, with a recent contribution in engineering system policy rules into the ARAP product, as VP Security and Compliance at Cavirin, and a full-time assignment as ISMS Compliance Program lead at CISCO, Robin Basham provides thought leadership and product in delivering concrete security programs that transform compliance burden to strategic advantage. Certified Information Systems Security (CISSP), Audit (CISA), Governance (CGEIT) and Risk (CRISC), earning two master’s degrees in Technology and Education M.IT & M.Ed, Robin is known in fortune five Boston, Mid-Atlantic, Silicon Valley and East Bay as consultant, frequent speaker, educator, and board contributor. Enterprise ICT GRC expert and early adopter in both certifying and offering certification programs for Cloud Security and Virtualization, Robin has industry experience in management of systems, controls and data for SaaS (IaaS and PaaS), Finance, Healthcare, Banking, Education, Defense and High Tech. Positions held include Technology Officer at State Street Bank, Leading Process Engineering for a major New England CLEC, Sr. Director Enterprise Technology for multiple advisory firms, engineering the FCM product and running two governance software companies, and recently Director Enterprise Compliance for a major player in the mortgage industry, Ellie Mae. Robin is currently at CISCO implementing FCM as a prototype GRC.
1-9 Session Description: Continuous Monitoring using Security Architecture Output for PCI, HITRUST, FedRamp/NIST, SOC 2, or ISO 27002 ISMS implemented controls - Incident, Vulnerability, and Change About EnterpriseGRC Solutions: EnterpriseGRC Solutions Inc.® offers business transformation and risk management services. We know GRC is broken. We can fix it. EnterpriseGRC Solutions® professionals provide strategic guidance and training, delivering pragmatic tools to help clients' achieve their enterprise governance, operational and control objectives. EnterpriseGRC Solutions® excels in providing technical, business and application assessments, enterprise integration services, controls automation, GRC platform design optimization, policy and program services, business continuity, and most recently, cloud and virtualization governance services.
1- 10 4:00 PM to 4:30		Meet Vishal Gupta
Consumer Driven Privacy, or "Give Me Back My Data" Vishal Gupta, CEO, Seclore	As the Founder and CEO of Seclore, Vishal comes with two decades of experience in sales, marketing, and business management. His core responsibilities are corporate development, investor relations, and strategic vision. Vishal is an IIT Bombay (Electrical Engineering) graduate and a specialist in biometric security systems. His ideation in fingerprint imaging led to the development of the core technology behind Herald Logic, a company he founded in 2000. The company showed record 220% CAGR, spreading to Singapore, Australia, and UK. An active participant in physics activities with the IAPT (Indian Association of Physics Teachers) and NSEP (National Standard Examination in Physics), Vishal is amongst the top 1% in the country in physics. When he is not dreaming about keeping data secure, Vishal is an active sports person, a keen blogger on information security, and an intrepid speaker at various information security forum.
1-9 Session Description: In an era of "hack back" controversy, there are legitimate, safe and effective ways to protect our data.Vishal Gupta, CEO of Seclore, explores the journey to create a product that lets us get our data and how data centric security is the wave and mandate of the future. About Seclore: Seclore’s Enterprise Digital Rights Management solution enables organizations to control the usage of files wherever they go, both within and outside of organizations’ boundaries. The ability to remotely enforce and audit who can do what with a file (view, edit, copy, screen capture, print, run macros), from which device and when empowers organizations to embrace BYOD, Cloud services, Enterprise File Sync and Share (EFSS) and external collaboration with confidence. Featuring dozens of pre-built connectors for leading enterprise applications (EFSS, DLP, ECM, ERP, and email), Seclore automates the protection of documents as they are downloaded, discovered, and shared to ensure rapid adoption. Seclore was recently recognized by Frost & Sullivan with a Growth Excellence award, by Deloitte as one of the ‘50 Fastest Growing Technology Companies,’ and by Gartner as a ‘Cool Vendor,’ due to innovations in browser-based access to protected documents. With over 4 million users across 420 companies in 22 countries, Seclore is helping organizations achieve their data security, governance, and compliance objectives. http://www.seclore.com/
Is it "IOT, Breaking and Entering" or "Just Run the Business" Pritesh Parekh, MS, MBA,CISSP,CISA,CISM,CRISC, VP, CSO at Zuora	Pritesh Parekh has decades of experience in building and managing enterprise security programs, and with the last 12 years leading security for Cloud platforms. Prior to joining Zuora, Pritesh was leading the world wide Security and Compliance for ServiceNow. He has extensive experience in Cloud Security, IoT Security, Application Security, Compliance, Data Protection, Fraud Protection, Security Architecture and Risk Management for Financial Institutions, SaaS & Cloud Providers. He has been a speaker at several conferences, quoted in several articles, magazine and a Subject Matter Expert for BITS Shared Assessment & Cloud Development group. Pritesh's team won the Best Security Team award at SC awards 2016. He is one of the finalists for Information Security Awards (ISE) 2016 awards from T.E.N, a finalist for CSO of the year award and elected Judge for SC Awards 2016. • Extensive experience building global security program from ground up, managing security assessments and regulatory requirements including ISO 27001, FISMA (NIST 800-53), PCI Level 1, SSAE 16, IQ/OQ, NERC CIP, SOX, GLBA, HIPAA, BITS Shared Assessment, EU Safe Harbor, SB 1386, BSIMM, Federal FFIEC Examinations and fortune 100 client audits. • Strong team building skills with exceptional leadership, interpersonal, and communication skills. • Highly capable of architecting security solutions, implementing security control practices and possesses strong technical background. • Subject Matter Expert for BITS Shared Assessment & Cloud Development group. • Speaker for several conferences ISACA, Secure World, The TRUST, BITS security & fraud, Subscribed and Knowledge conference. • Published several Security articles and quoted in several magazines. Interviewed by Javelin Strategy and Research on mobile security as a subject matter expert. • Bay Area SecureWorld Advisory Council • PCI Panel of experts for PCI Knowledge base.
1-11 Session Description: We have so many opportunities for a dramatic finish that Pritesh and the conference are yet to decide. Why not weigh in? Should we have Pritesh deliver his well received "IOT, Breaking and Entering" or shall we have the CSO of Zuora do something simple like explain how a cloud based operation Just runs the business? You'll have to stay until the end of the day to hear the topic that wins! About Zuora: Zuora is a SaaS company and the world’s foremost evangelist of the Subscription Economy. Zuora’s leading subscription relationship management platform helps enable businesses in any industry to launch or shift products to subscription, implement new pay-as-you-go pricing and packaging models, gain new insights into subscriber behavior, open new revenue streams, and disrupt market segments to gain competitive advantage. Zuora serves over 800 customers worldwide including Dell, Vivint, Schneider Electric, Box, The Financial Times and General Motors. Headquartered in Silicon Valley, Zuora also operates offices in Atlanta, Boston, Denver, San Francisco, London, Paris, Beijing, Sydney and Tokyo.


Seclore, Platinum Sponsor, live demonstration data-centric security	SECLORE Data Centric Risks will be the topic of an upcoming training. As a 2017 Platinum sponsor, we will enjoy this opportunity to look at securing the data at its source and look forward to our upcoming night of dedicated fine and granular data-centric access control. Seclore’s Enterprise Digital Rights Management solution enables organizations to control the usage of files wherever they go, both within and outside of organizations’ boundaries. The ability to remotely enforce and audit who can do what with a file (view, edit, copy, screen capture, print, run macros), from which device and when empowers organizations to embrace BYOD, Cloud services, Enterprise File Sync and Share (EFSS) and external collaboration with confidence. Featuring dozens of pre-built connectors for leading enterprise applications (EFSS, DLP, ECM, ERP, and email), SECLORE automates the protection of documents as they are downloaded, discovered, and shared to ensure rapid adoption. Seclore was recently recognized by Frost & Sullivan with a Growth Excellence Award, by Deloitte as one of the ‘50 Fastest Growing Technology Companies,’ and by Gartner as a ‘Cool Vendor,’ due to innovations in browser-based access to protected documents. With over 4 million users across 420 companies in 22 countries, Seclore is helping organizations achieve their data security, governance, and compliance objectives. http://www.seclore.com/ Stay tuned for upcoming hosted events involving SECLORE and (ISC)2 Community
Securonix, Platinum Sponsor, live demonstration visualizing the threat, actionable intelligence	Securonix is working to radically transform all areas of data security with actionable security intelligence. Our purpose-built advanced security analytics technology mines, enriches, analyzes, scores and visualizes customer data into actionable intelligence on the highest risk threats from within and outside their environment. Using signature-less anomaly detection techniques that track users, account, and system behavior, Securonix is able to automatically and accurately detect the most advanced cyber threats, insider threats, and fraud attacks. Globally customers are using Securonix to address the most basic and complex needs around insider threat detection and monitoring, high privileged activity monitoring, data exfiltration, enterprise and web fraud detection, application risk monitoring, cloud security monitoring, cyber threat monitoring and access risk management. Securonix uses a Hadoop platform to provide unlimited scalability and open data model. http://www.securonix.com
Netwrix, Platinum sponsor, live demonstration assigning the policy that proves our governance is in place	Netwrix Corporation was first to introduce visibility and governance platform for on-premises, hybrid and cloud IT environments. More than 150,000 IT departments worldwide rely on Netwrix to detect insider threats on premises and in the cloud, pass compliance audits with less expense and increase the productivity of IT security and operations teams. Founded in 2006, Netwrix has earned more than 90 industry awards and been named to both the Inc. 5000 and Deloitte Technology Fast 500 lists of the fastest growing companies in the U.S.
Netskope, Platinum Sponsor, live demonstration, mapping the path of business, the evolution of cloud security	Netskope is the leader in cloud security. Using patented technology, Netskope’s cloud-scale security platform provides context-aware governance of all cloud usage in the enterprise in real time, whether accessed from the corporate network, remote, or from a mobile device. This means that security professionals can understand risky activities, protect sensitive data, stop online threats, and respond to incidents in a way that fits how people work today. With granular security policies, the most advanced cloud DLP, and unmatched breadth of workflows, Netskope is trusted by the largest companies in the world. Netskope — security evolved.
Zscaler, Platinum Sponsor, live demonstration enables secure mobile enterprise in real time, architecting the secure enterprise network	Zscaler enables the world’s leading organizations to securely transform their networks and applications for a mobile and cloud first world. Its flagship services, Zscaler Internet Access, and Zscaler Private Access create fast, secure connections between users and applications, regardless of device, location, or network. Zscaler services are 100% cloud-delivered and offer the simplicity, enhanced security, and improved user experience that traditional appliances or hybrid solutions are unable to match. Used in more than 185 countries, Zscaler operates the world’s largest cloud security platform, protecting thousands of enterprises and government agencies from cyber attacks and data loss.
Your logo could be here

Allgress, Honorary Platinum and year round host to (ISC)2 East Bay Chapter Meetings Gordon Shevlin also supplies our guests with drink tickets Thank you Allgress!	While you're here explore the world's best GRC leveraging the Amazon Marketplace and native cloud application ready Health Care savvy governance program management. Allgress enables enterprise risk, security, and compliance professionals the ability to effectively manage their risk posture. By utilizing advanced visualization, automation, streamlined workflows, and the integration of existing data feeds, Allgress reduces the complexity and cost of risk management. Unlike other risk management solutions, Allgress customers derive value in days rather than months. For more information, visit www.allgress.com Contact us at This email address is being protected from spambots. You need JavaScript enabled to view it. or 925.579.0002 Stay tuned for upcoming hosted events involving Allgress and (ISC)2 Community
Exhibitor on deck Please welcome participation from PerimeterX who is slated to help us March to FedRamp, the March Conference for (ISC)2 East Bay Chapter	About PerimeterX: PerimeterX is a provider of scalable, behavior-based threat protection technology for the web, cloud and mobile. Its security service PerimeterX Bot Defender™ accurately protects commerce, media and enterprise websites from all types of automated or non-human attacks, at any scale. We are looking for top notch developers, sales and passionate people to join us in revolutionizing web security. Headquarters in San Francisco Bay area with Engineering center in Tel Aviv.
Honorary Exhibitor CyberArk contributed a speaker and sponsored our last event. We invite CyberArk for one more round and thank them for early adoption and support to (ISC)2 East Bay	CyberArk is the only security company laser-focused on striking down targeted cyber threats, those that make their way inside to attack the heart of the enterprise. Dedicated to stopping attacks before they stop business, CyberArk is trusted by the world’s leading companies — including more than 45% of the Fortune 100 companies — to protect their highest value information assets, infrastructure, and applications. For over a decade CyberArk has led the market in securing enterprises against cyber attacks that take cover behind insider privileges and attack critical enterprise assets. Today, only CyberArk is delivering a new category of targeted security solutions that help leaders stop reacting to cyber threats and get ahead of them, preventing attack escalation before irreparable business harm is done. At a time when auditors and regulators are recognizing that privileged accounts are the fast track for cyber attacks and demanding stronger protection, CyberArk’s security solutions master high-stakes compliance and audit requirements while arming businesses to protect what matters most. With offices and authorized partners worldwide, CyberArk is a vital security partner to more than 3,200 global businesses, including more than 45% of the Fortune, 100 more than 25% of the Global 2000, CyberArk has offices in the U.S., Israel, Australia, France, Germany, Italy, Japan, Netherlands, Singapore, Spain, Turkey and the U.K.
Honorary Exhibitor Optiv has hosted (ISC)2 East Bay Chapter for Pleasanton based events for the last two years. Thank You Optiv!	Strategy with dimension. Optiv is the strategic consulting arm of The Healthy Thinking Group, Australia’s largest and most experienced healthcare communication groups. We are healthcare strategy specialists with specific skills tailored to life sciences. We’ve solved strategic problems and improved business outcomes for clients in the pharmaceutical, biotech, agriculture, and animal health industries. As part of the Healthy Thinking Group, we’ve worked on many projects across the Asia Pacific region and beyond. We’re curious about anything that improves the health of humans, animals, plants or our environment. We understand that challenges in healthcare can be complex and multifaceted. That’s why we have a considered approach to strategy that helps us explore all angles to uncover new possibilities. Our depth of expertise spans a variety of commercial functions. We not only collaborate directly with out clients on their business needs, we also partner with our Healthy Thinking Group colleagues to create strategic platforms for advertising, digital and medical education campaigns. Our team is united by a passion to deliver tailored, insights driven recommendations across our three pillars - Business, Brands, and People.
Speaker Reception to Follow


How to become a member: Please directly contact our Chapter This email address is being protected from spambots. You need JavaScript enabled to view it. – Lokesh Sisodiya and fill out the membership form https://isc2-eastbay-chapter.org/membership/

		Thank you Chevron, even if you don't want your logo out here, we acknowledge the food and space you've supplied to us for the last two years.

(This 1-day event counts towards 10 hours of Continuing Professional Education or 10 CPEs.)
Your friends and colleagues at (ISC)2 East Bay Chapter chapter can't wait to see you. We hope you join us in giving special thanks to the conference committee volunteers, without whom, such events would not be possible. Providing weekly meetings, binding flyers, drafting letters, being a liaison to our gracious speakers, updating and proofing our brochures, and assisting in the overall quality management of the Summer Conference, we acknowledge Scott Sullivan, Atul Kumar, Debbie Vargus and Dave Repine and others as well as all members of the Board of Directors for their added responsibilities in coordinating our conference business, and for all the wisdom provided by the full membership of our board. Your support is greatly appreciated. Yours Sincerely, Robin Basham, Conference Director The (ISC)2 East Bay Chapter Board of Directors This email address is being protected from spambots. You need JavaScript enabled to view it. – Lokesh Sisodiya This email address is being protected from spambots. You need JavaScript enabled to view it. – Tom Rogers This email address is being protected from spambots. You need JavaScript enabled to view it. – Gary DyLina This email address is being protected from spambots. You need JavaScript enabled to view it. – Robin Basham Director Programs - Gordon Shevlin This email address is being protected from spambots. You need JavaScript enabled to view it. – OPEN POSITION Chapter Secretary - OPEN POSITION This email address is being protected from spambots. You need JavaScript enabled to view it. – Lee Neely This email address is being protected from spambots. You need JavaScript enabled to view it. – Jing Zhang-Lee