World Congress Speakers and Topics 

 

Keynote Sessions

K1: The Future Starts Today: Innovate, Collaborate and Execute

Innovation. Collaboration. Execution. In these challenging times, you need to be energized like never before! Jon and Owen use the laws of physics to illustrate the inevitable patterns of the economy — the ups and downs, recoveries, bailouts and ultimately the exhilaration of overcoming obstacles. They also demonstrate how you can Innovate, Collaborate and Execute to accomplish great things.


Jon Wee and Owen Morse

Jon Wee and Owen Morse, The Passing Zone

The Passing Zone's Jon and Owen have published articles on Teamwork, Work-Life Balance and Taking Risks in countless industry periodicals, including EBusiness, Networking Times and Financial Executives. They were chosen as a Best Bet for entertainment by the Wall Street Journal, and Special Events Magazine named them one of the Hottest 26 Speakers. Clients such as eBay, Microsoft and IBM have invited Jon and Owen to their events to motivate attendees.

Jon and Owen are known as much for their comedy as their juggling skills. They were featured twice on the gala stage at the Just for Laughs Comedy Festival in Montreal and have opened for comedians Bill Cosby, George Carlin, Bob Newhart, Bob Hope and Penn & Teller. Television appearances have included Comic Strip Live, An Evening at The Improv, and regular returns to NBC's Today. A year ago they were guest performers at The White House.



K2: Keeping an Eye on Tomorrow

Join global partners from Deloitte LLP, PricewaterhouseCoopers LLP, Ernst & Young LLP and KPMG LLP as they share their perspective on the future of global business and impacts on today’s business leaders.

Moderator: Kenneth L. Vander Wal

Ken Vander Wal, ISACA 2011-2012 ISACA International President and 2010-2011 International Vice President

Vander Wal is a retired national partner in the Technology and Security Risk Services practice of Ernst & Young, where he was responsible for the firm’s global TSRS quality and risk management program. With more than 40 years of IT experience, he has worked in multiple areas of information systems in a variety of industries, including systems development, systems programming, project management, quality assurance, IT auditing and systems security. Before joining Ernst & Young in 1979, Vander Wal worked at the Pentagon, where he developed systems to support the Department of Army staff, and for a computer software company in a systems technical support role. He is a coauthor of IT Control Objectives for Sarbanes-Oxley, 2nd Edition, published by ITGI, and serves on ISACA’s Guidance and Practices Committee, Knowledge Board, Professional Issues and Advocacy Task Force, and Strategic Advisory Council. He has served as international vice president of ISACA since 2007.


David Roath

David Roath, Partner, PwC IT Risk & Security Assurance Practice

Roath has more than 20 years of experience in IT Risk, IT security, IT audit and compliance / regulatory readiness, and a strong background in delivering IT risk management and information security assurance, privacy, data protection, third party assurance, advisory and internal audit engagements. 

Roath has led global teams and significant engagements on IT, security, business, regulatory, and audit issues surrounding information technology, IT risk management, governance, security, privacy, data protection, regulatory and strategy assessments. His client experience ranges from working with a broad variety of global financial institutions, technology companies, and other non-financial services companies including: exchanges, money center, consumer, and international banks, savings and loan institutions, investment banks, hedge funds, electronic exchanges, broker/dealers, technology, products and services companies.


Stephen A Barlock

Stephen Barlock, Principal, KPMG LLP

Barlock is a principal in the San Francisco office of KPMG’s Advisory Services practice with nearly 20 years of client service and business experience. He is a member of the Information Protection Practice at KPMG, having focused extensively over the last 10 years in multiple disciplines in the information security field.  His early career experience was in designing and implementing a wide variety of technology-based business solutions and has resulted in a broad background in technology and infrastructure planning, transformation and delivery.

Barlock has substantial experience leading a variety of complex technology efforts with and on behalf of his clients. His industry experience includes high-tech, telecommunications, consumer products and resources, but Barlock has developed particularly deep industry skills in financial services and payments through multi-year relationships with companies such as American Express, Visa and several US banks. He has held leadership roles on projects demonstrating the full IT delivery lifecycle including business-IT strategy, architecture planning, systems integration, and large-scale program delivery.   


Marios Damianides, CISM, CISA, CA, CPA

Marios Damianides, Partner, Advisory Services, Ernst & Young LLP

A past international president of ISACA and the IT Governance Institute (ITGI), Damianides has more than 25 years of experience in information systems, risk management and governance, with a focus on security and enterprise risk transformations. He has worked in the US, Africa, Europe and Asia, and has served several Fortune 100 companies in various capacities. In addition, he has written many business and technical articles, and has presented papers on security, governance and controls at conferences worldwide.



Andy Daecher

Andy Daecher, Principal, Deloitte Consulting LLP

Andy Daecher is a principal with Deloitte Consulting LLP based in San Francisco.  He leads Deloitte’s Western United States Technology Sector practice and is the managing director for Deloitte’s Consulting Practice in the San Francisco Bay Area, covering offices in San Francisco, Pleasanton and San Jose.  Daecher has been with Deloitte since 1992 and served numerous clients in technology, media and entertainment sectors including Adobe, Agilent Technologies, Electronic Arts, Hewlett Packard, Intel, Intuit, the Walt Disney Company, and Warner Brothers.

Prior to joining Deloitte, Daecher worked as an R&D engineer for AT&T Bell Laboratories from 1986 to 1992.

 



K3: The Risk of Failing to Innovate

This distinctive panel of industry experts will take an in-depth look at the importance of innovation and the global impact if we fail to innovate.

Nils Puhlmann, CISM

Nils Puhlmann, Chief Security Officer, Zynga

Nils Puhlmann leads Zynga’s converged security department, managing all security risks for the company and chairing the Security Risk Committee. He oversees the company’s security domains of product & application security, security engineering and architecture, investigations and incident response, security intelligence and threat assessments, physical security, security compliance and audit.

Nils is also a Co-Founder and member of the Board of the Cloud Security Alliance.

Before joining Zynga, he served as chief security officer of Qualys, where he was responsible for security, risk management and business continuity planning.  Prior to Qualys, Puhlmann was the chief information security officer for Electronic Arts.  He was also previously the chief information security officer at Robert Half International. Prior to that, he was director global IT and security and chief privacy officer at Mindjet Corp.  Puhlmann also held senior positions at Nortel Networks and START Amadeus, and was an independent security consultant with clients such as the State of California.    


Larry Lam, CISA

Larry C.K. Lam, Managing Director, Maguire Asia

Larry Lam is a consultant and trainer in the areas of financial investigation, anti-money laundering, ISMS, IT assessment, internal control review, fraud risk management and corporate governance advisory.  His clients include banks, MNCs, and law enforcement agencies in Asia such as commercial crime bureau, customs, casino regulatory authority and anti-corruption agency.

For ten years prior to pursuing his passion in lecturing and consulting, he was the executive vice president and chief auditor of a large bank in Singapore where he headed a team of about 200 auditors posted in various countries in Asia.

Prior to relocating to Singapore, he held audit management positions at Stanford University, University of California and Coopers & Lybrand’s office in San Francisco. Prior to that, he spent 3.5 years as a programmer/analyst developing and maintaining financial systems for Walt Disney Company’s headquarters. 
 

Glenn O’Donnell

Glenn O'Donnell, Senior Analyst, Forrester Research

O’Donnell is widely regarded as a top thought leader in automation, service management, IT operations and the broader social implications of technology evolution, leveraging his 31 years of IT experience. His specialties are in IT automation, IT management software, configuration and change management, and operational excellence. He is the co-author of The CMDB Imperative, the popular book on best practices for designing, managing and leveraging configuration management information.

Prior to joining Forrester, O’Donnell was a major force in transforming EMC’s resource management software business, as a marketing lead and strategic contributor. He is also a former analyst at META Group, where he also covered IT operations and management software. He has spent most of his 21-year career in various companies within the Bell System, including Western Electric, Bell Labs, AT&T, and finally, Lucent Technologies, where he held increasingly influential roles in technology development, IT operations, and enterprise architecture.


Moderator: Robert E. Stroud, CGEIT, CRISC

Robert Stroud, Vice President of Innovation and Strategy, CA Technologies

Stroud is a vice president at CA Technologies and the global evangelist for service management, governance and cloud computing. He is a globally recognized author, contributor, strategist, speaker, and authority on the delivery of operations and the enterprise governance of IT. He brings his significant practical industry experience to this role including the implementation, contribution to, and writing of good practices, working with the analyst community and the global practitioner community. In his role, he is dedicated to the continuing development of industry best practices and assisting organizations deliver solutions that leverage these best practices and deliver enterprise governance of IT.



K4: What Does the Future Hold?

Brought back by popular demand, Bob Treadway, INSIGHTS 2012 Master of Ceremonies, closes the conference with a forecast of how business forces will intersect with your technology responsibilities. Gain insights into how to examine the next decade for your enterprise, departments and career in an uncertain and volatile business environment. Treadway is noted for his ability to couple research, his own client experiences and the insights of industry leaders into a package of understandable concepts and actionable recommendations.

Bob Treadway

Bob Treadway, Futurist and Strategy Advisor

Bob Treadway is an internationally recognized advisor to organizations and leaders on strategy, foresight, and the future. Clients like Gillette, Berkshire Hathaway, Motorola, ExxonMobil, the Federal Reserve, Syngenta, Quaker Oats, Weyerhaeuser, the National League of Cities, Dow, Humana, AT&T, and the Social Security Administration retain Treadway to help them expand their thinking, envision the operational environments of tomorrow, form strategy and take action. Before moving into futurism, forecasting and consulting, Treadway was an executive and principal in the broadcasting industry.


 

Executive Panel Discussions: Integration of Business and IT

Chief Audit Executives, Chief Information Security Officers and Chief Information Officers share their insights on the integration of business and IT. They will discuss their individual, critical roles in ensuring an enterprise’s trust in, and value from, information systems. These business leaders will debate current issues, concerns and trends in technology and security that impact their organizations and their roles, the value of effective communication and what keeps them awake at night. Among topics to be discussed are cloud computing, mobile computing, sustainability, business analytics, alignment of IT and business goals, security, emerging risks, governance and more.

 

EP1: Insights from Chief Security Officers and Chief Information Security Officers


CSO/CISOs share their candid insights on:

  • CyberSecurity—managing reputational risk in a highly innovative world
  • The increasing impact of privacy concerns on security programs
  • Managing risk for the business without losing sight of compliance
  • 5G mobile devices and a new generation later—the impact on the world of security

Christos Dimitriadis, CISA, CISM, CRISC

Christos Dimitriadis, Head of Information Security, Intralot S.A.

Dimitriadis is international vice president of ISACA and chair of the COBIT Security Task Force. He also is head of information security for INTRALOT GROUP, a multinational supplier of integrated gaming and transaction processing systems based in Greece, managing information security in more than 50 countries on six continents. Dimitriadis has served ISACA as chairman of the External Relations Committee and member of the Relations Board, Academic Relations Committee, ISACA Journal Editorial Committee and Business Model for Information Security Workgroup.

Dimitriadis has been working in the area of information security for 11 years and has authored 70 publications in the field. He has been providing information security services to the ITU, European Commission Directorate Generals, European Ministries and international organizations, as well as business consulting services to entrepreneurial companies. 

 

Patrick Howard, CISM

Patrick Howard, Senior Consultant, SecureInfo, a Kratos Company

Howard serves as the CISO for the Lockheed Martin Antarctic Support Contract in support of the National Science Foundation’s U.S. Antarctic Program (USAP).  He is responsible for overseeing information security, privacy and risk management for USAP information and systems. Prior to his retirement from the federal government, Howard served as the CISO at the Nuclear Regulatory Commission in Rockville, Maryland from 2008-2012.  His efforts there resulted in the Office of Management and Budget assigning the NRC’s cyber security program the fourth highest compliance score among the 24 largest government agencies for FY2011.

 

Brent Conran, CISA, CISM

Brent Conran, Chief Security Officer Global, McAfee

Conran is CSO at McAfee, Inc., where he leads operational risk management activities to enhance the value of the McAfee brand, ensuring the development and implementation of global security policy, standards and procedures. Responsible for safeguarding the company’s assets, intellectual property, and computer systems, Conran works closely with McAfee employees and executives, government agencies, as well as local, state, and federal law enforcement to ensure optimum security.

In his previous role, Conran held dual responsibilities as both the chief information officer and the chief information security officer for the US House of Representatives, where he managed the IT operations necessary to facilitate a robust computing environment for the Members of Congress.


Mark Weatherford, CISM

Mark Weatherford, Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate

Mark Weatherford is the Deputy Under Secretary for Cybersecurity for the National Protection and Programs Directorate (NPPD), a position that will allow DHS NPPD to create a safe, secure, and resilient cyberspace. Weatherford has a wealth of experience in information technology and cybersecurity at the Federal, State and private sector levels.

Weatherford was previously the vice president and chief security officer of the North American Electric Reliability Corporation (NERC) where he directed the cybersecurity and critical infrastructure protection program.

Before NERC, Weatherford was with the State of California where he was appointed by Governor Arnold Schwarzenegger as the state’s first chief information security officer. Prior to California, he served as the first chief information security officer for the State of Colorado, where he was appointed by two successive governors. Previously, as a member of the Raytheon Company, he successfully built and directed the Navy/Marine Corps Intranet Security Operations Center (SOC) in San Diego, California, and also was part of a team conducting security certification and accreditation with the U.S. Missile Defense Agency. A former U.S. Navy Cryptologic Officer, Weatherford led the U.S. Navy’s Computer Network Defense operations and the Naval Computer Incident Response Team (NAVCIRT).

Weatherford holds the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM) certifications. He was awarded SC Magazine’s prestigious “CSO of the Year” award for 2010 and named one of the 10 Most Influential People in Government Information Security for 2012 by GovInfo Security.


Moderator: Nils Puhlmann, CISA

Nils Puhlmann, Chief Security Officer, Zynga
INSIGHTS 2012 Conference Task Force Member

Nils Puhlmann leads Zynga’s converged security department, managing all security risks for the company and chairing the Security Risk Committee. He oversees the company’s security domains of product & application security, security engineering and architecture, investigations and incident response, security intelligence and threat assessments, physical security, security compliance and audit.

Nils is also a Co-Founder and member of the Board of the Cloud Security Alliance.

Before joining Zynga, he served as chief security officer of Qualys, where he was responsible for security, risk management and business continuity planning.  Prior to Qualys, Puhlmann was the chief information security officer for Electronic Arts.  He was also previously the chief information security officer at Robert Half International. Prior to that, he was director global IT and security and chief privacy officer at Mindjet Corp.  Puhlmann also held senior positions at Nortel Networks and START Amadeus, and was an independent security consultant with clients such as the State of California.

 



EP2:  Insights from Chief Information Officers and Chief Technology Officers


CIO/CTOs share their candid insights on:

  • Emerging technologies: What does their crystal ball say?
  • New role: CIO vs CTO
  • Role of technology in revenue growth
  • Impact of business driving the technology decisions
  • Technology expectations from your customer’s point of view
  • Are you becoming the chief innovation officer?
  • Preparing the work force for change


John Bumgarner

John Bumgarner, CTO, U.S. Cyber Consequences Unit

 

 


 

Robert Clyde, CISM

Rob Clyde, CEO, Adaptive Computer

A recognized industry leader, Clyde has more than 25 years experience as an enterprise software executive with demonstrated leadership success at startup companies to large companies, including Symantec and Axent Technologies. An Internet security pioneer and innovator, he is credited with the creation of the first commercial intrusion detection system and led the business unit that developed and brought to market the first security compliance product. As chief technology officer at Symantec, Clyde defined Symantec’s technology strategy and was a key part of the management team that drove the company to grow from slightly under $1B in revenue to over $5B in five years. He also serves as a member of the board of directors for Telligent and PasswordBank.

  

Stephen Ibaraki

Stephen Ibaraki, Advisor to Global Board, Global IT Community Association (GITCA)

Ibaraki has earned more than 50 national and international awards, roles and recognitions. A sampling of his elections include: founding CIPS Fellow; founding NPA Distinguished Fellow; founding first Global GITCA Fellow; Canadian IT Hall of Fame; Global Hall of Fame. Ibaraki has achieved multiple lifetime achievement awards, multiple leadership and technology awards from industry, business, government, media, academia and education plus he serves internationally with more than 30 concurrent senior roles.

  

Moderator: Glenn O’Donnell

Glenn O'Donnell, Senior Analyst, Forrester Research

At Forrester, O’Donnell leverages his 31 years of IT experience to serve IT Infrastructure and Operations professionals. He is widely regarded as a top thought-leader in automation, service management, IT operations, and the broader social implications of technology evolution. He coauthored The CMDB Imperative, the popular book on best practices for designing, managing and leveraging configuration management information.




EP3: Impact of Outsourcing from the Perspective of the C-Suite

The C-Suite shares their thoughts on:

  • Is outsourcing always the right solution?
  • What to do about key resource risks the outsourcer suffers
  • Privileged user management
  • Auditing the outsourcer
  • Knowledge retention and compromising of corporate memories
  • Innovation and resources

Gregory Grocholski, CISA

Greg Grocholski, Chief Audit Executive, Auditor, Dow Chemical Company
ISACA Incoming International President 2012-2013 and current International Vice President

Grocholski is chief audit executive at The Dow Chemical Company, where he is responsible for independently assessing the adequacy of accounting, financial and operating controls of Dow’s global operations. In this role, Grocholski has responsibility for corporate auditing, fraud investigative services and contract auditing. In addition, he is a standing ad hoc member of Dow’s global and regional ethics and compliance committees.

Grocholski is also a member of ISACA’s Audit Committee, Finance Committee, Professional Influence and Advocacy Committee, and Professional Issues Task Force. He has been a member of the Knowledge Board and Strategic Advisory Council, and has been ISACA’s Assurance Committee chair.


Robert Clyde, CISM

Rob Clyde, CEO, Adaptive Computer

A recognized industry leader, Clyde has more than 25 years experience as an enterprise software executive with demonstrated leadership success at startup companies to large companies, including Symantec and Axent Technologies. An Internet security pioneer and innovator, he is credited with the creation of the first commercial intrusion detection system and led the business unit that developed and brought to market the first security compliance product. As chief technology officer at Symantec, Clyde defined Symantec’s technology strategy and was a key part of the management team that drove the company to grow from slightly under $1B in revenue to over $5B in five years. He also serves as a member of the board of directors for Telligent and PasswordBank.  

 

Ronald Saull, CGEIT

Ron Saull, Executive Vice President and CIO, Great West Life and IGM Financial

Saull is responsible for the strategic application of IT and integration of information services spanning Canada, the United Kingdom, Isle of Man, Ireland, Germany and Hong Kong/Macau.

Saull is a member of ISACA’s Strategic Advisory Council and has been chair of the IT Governance Institute (ITGI) Advisory Panel; a member of the ITGI Committee; past vice president of ISACA’s International Board of Directors and served on the COBIT Steering Committee and as chairman of ISACA’s Research Board. He also was a trustee on the International Board of Trustees of ITGI. He published an article on the IT Balanced Scorecard in the Information Systems Control Journal and presented on this topic at ISACA conferences worldwide. Saull has more than 20 years of experience as an information system professional and manager in both the public and private sectors.

Brent Conran, CISA, CISM

Brent Conran, Chief Security Officer Global, McAfee

Conran is CSO at McAfee, Inc., where he leads operational risk management activities to enhance the value of the McAfee brand, ensuring the development and implementation of global security policy, standards and procedures. Responsible for safeguarding the company’s assets, intellectual property, and computer systems, Conran works closely with McAfee employees and executives, government agencies, as well as local, state, and federal law enforcement to ensure optimum security.

In his previous role, Conran held dual responsibilities as both the chief information officer and the chief information security officer for the US House of Representatives, where he managed the IT operations necessary to facilitate a robust computing environment for the Members of Congress.

 

Moderator: Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC

Jo Stewart-Rattray, Director of Information Security and IT Assurance, BRM Holdich

Stewart-Rattray is director of information security and IT assurance at BRM Holdich. She has more than 25 years of experience in the IT field, some of which were spent as CIO in the utilities space, and 16 years in the information security arena. She specializes in consulting in information security issues, with a particular emphasis on governance in both the commercial and operational areas of businesses. Stewart-Rattray provides strategic advice to organizations across a number of industry sectors, including banking and finance, utilities, automotive manufacturing, tertiary education, retail and government.



EP4:  Insights from Chief Financial Officers

CFOs share their candid insights on:

  • Globalization and cost of capital
  • Technology’s role in revenue growth and innovation
  • How to manage the spending
  • IT investments trending and impact on business
  • Analytics and improved decision-making and insights
  • Knowledge management
  • Post investment audits


Viraj Patel

Viraj Patel, CFO, Deeya Energy

Viraj Patel is a seasoned finance executive with over 25 years of multinational experience in technology, life sciences and industrial companies. Patel is currently serving as the CFO of Deeya Energy (a late stage VC-backed energy storage company). Patel has also served as a CFO of UTStarcom and Avanti (acquired by Synopsys). Patel has also served as a key finance executive at Nektar Therapeutics and Pall Corporation (New York). Patel began his professional career at Pricewaterhouse, New York. He is a Certified Public Accountant from the State of New York and is a member of the New York State Society of CPAs and a member of the American Institute of Certified Public Accountants. Viraj has recently been elected to serve as the Audit Committee Chair of Helios and Matheson.

 

Moderator: Michael Juergens, CISA, CGEIT, CRISC

Michael Juergens, Principal, Audit Enterprise Risk Services, Deloitte and Touche, LLP
INSIGHTS 2012 Conference Co-Chair 

Michael Juergens serves as the Deloitte Pacific Southwest control assurance practice leader and is a national champion of the organization’s spreadsheet management solutions service offering. He has more than 16 years of professional experience and serves a number of Fortune 500 clients as the lead or advisory internal controls principal.

Juergens speaks nationally on internal controls topics and is the primary author of the Institute of Internal Auditors’ Global Technology Audit Guide 5, Management of IT Auditing. He has primary responsibility for ISACA's technical training program, and serves on various committees and task forces for ISACA and The Institute of Internal Auditors.



EP5:  Insights from the Chief Audit Executives

CAEs share their candid insights on:

  • The impact of technology on the organization
  • What are they contributing to the organization’s technology strategy
  • Impact of current trends on capability maturity model of the audit/risk management function
  • Managing fraud
  • Auditing in a mobile environment
  • Challenges with ensuring alignment with the business strategy
  • Their role in the organization’s ability to innovate

Sanjay Singh

Sanjay Singh, Vice President Internal Audit, Starbucks Coffee Company

Singh serves as the vice president and global leader for the internal audit function at Starbucks. His US, international and emerging markets experience includes more than two decades in diverse areas of business and corporate finance at a number of large and predominantly multinational corporations in a variety of industries. Singh is a CPA (Certified Public Accountant), a CMA (Certified Management Accountant) and a CIA (Certified Internal Auditor).  Over the last five years, he has done considerable work to develop process efficiency and standardization to facilitate efficient and effective operations for smaller, US-based multinational not-for-profit organizations. 


Susan Insley

Susan Insley, Vice President, Internal Audit, VMware

Insley has spent her time at VMware establishing the internal audit function focused on building business risk awareness in a fast-paced environment, providing an efficient and effective SOX assessment and partnering with the Legal team on investigations. Insley joined VMware after spending two years at VeriSign founding the Internal Audit and Ethics and Compliance programs.  Prior to VeriSign, she spent 15 years serving in various internal audit and operational finance roles at Intel Corporation including leadership of international audit, investigations and ethics teams. 

 

Janet Chapman

Janet Chapman, SVP General Auditor, Union Bank

In a 25-year career in financial services, Chapman has developed expertise as both an internal audit professional and as a systems integrator. She joined Union Bank, an $80bn bank based in San Francisco, in September 2008 as deputy general auditor and was appointed general auditor in December 2009. In this role, Chapman reports to the Audit and Finance Committee of the Board of Directors. Since becoming General Auditor, she has led significant change in the audit practices at Union Bank designed to respond to the regulatory drive for improved risk management in large banks.

Prior to joining Union Bank, Chapman was responsible for the internal audit program for the retail and institutional businesses at Charles Schwab. Chapman joined Schwab from Robert Half International where she filled a number of roles helping the company transform its IT infrastructure to support the company’s significant growth and in the implementation of a number of major systems upgrades. Her earlier career was spent with Accenture working with a wide variety of financial services organizations managing large scale systems implementations both in the US and the UK. She began her career in London with Arthur Andersen where she qualified as a Chartered Accountant.  

 

Denny Beran

Denny Beran, Retired Senior Vice President-Audit, J.C. Penney Co., Inc.

Beran, senior vice president and director of audit at JC Penney Co. Inc., was elected 2011-2012 chairman of the board. As The IIA’s chief spokesperson and advocate for the internal audit profession worldwide, Beran chose “Assess Our Relevance,” as his 2011-2012 chairman’s theme. He believes that internal auditors must continue to become more relevant to both their stakeholders and their profession. As he speaks to The IIA’s constituents and 170,000 members around the globe, he encourages fellow practitioners to assess their own relevance and to strive to be an indispensable asset to their organizations.

 

Moderator: The Honorable Theresa Grafenstine, CISA, CGEIT, CRISC

Inspector General, U.S. House of Representatives
INSIGHTS 2012 Conference Task Force Member

Grafenstine is the fourth person and first woman to be appointed as the Inspector General of the House. She has been with the House OIG since 1998. During her time with the House OIG, Grafenstine led many ground-breaking audits, including the first-ever review of the House Complex fire and emergency response program, as well as numerous security and internal control assessments, including the deployment of Active Directory, and the House payroll and financial management systems.




EP6:  Is Cloud Just the Tip of the Iceberg?

Industry executives share their insights on:

  • From the cloud to the black hole
  • What cloud strategies are working?
  • Whoever has the data has the power
  • What would the world look like if the cloud didn’t exist?
  • Impact on audit
  • Does the cloud help or hurt innovation?


Jeff Spivey, CRISC

President, Security Risk Management, Inc.

Spivey is international vice president of ISACA, a trustee of the IT Governance Institute (ITGI) and a founder of the Alliance for Enterprise Security Risk Management (AESRM), a collaboration of ISACA and ASIS International.

He is president of Security Risk Management Inc. (SRM), a security consulting firm headquartered in Charlotte, North Carolina, USA, founded in 1989 and providing strategic security risk consulting to Fortune 500 companies and international organizations. Spivey is also a vice president with RiskIQ, a risk intelligence firm based in San Francisco, identifying online threats to business using real-time intelligent risk assessments.  

Spivey is a regular author in security and risk trade journals and has been a featured speaker at security, risk management, law enforcement, and counter-terrorism conferences throughout the world.

He is a member of the US State Department’s Overseas Security Advisory Council (OSAC), and serves on the Advisory Board for the National Center for Judicial Security of the US Department of Justice. Spivey is a founding member of the Cloud Security Alliance and a past president and past chairman of the board for ASIS International.  

 

Marc Vael, CISA, CISM, CGEIT

Chief Audit Executive, Smals

Vael started the IT audit department at Arthur Andersen Belgium with two colleagues. In 2002, he became director at KPMG Advisory Belgium, and was also national CISO and data protection officer until 2007. Currently Vael is chief audit executive at Smals, a Belgian IT company with more than 1,800 employees working primarily for Belgian Federal Social Security Institutions.

Vael has more than 15 years of active experience in evaluating, designing, implementing and monitoring solutions on risk and information security management, incident and business continuity management, data protection/privacy and IT audit. He is a passionate speaker and published author involved with research and innovation in his core expertise domains. Vael has been a guest lecturer at AMS and a deputy member of the Flemish Privacy Commission since 2010.

 

Jim Reavis

Executive Director, Cloud Security Alliance

Reavis is president of Reavis Consulting Group, LLC, editor of the Risk Bloggers web site and a partner with the MetroSITE Group. He co-founded the Cloud Security Alliance and serves as its executive director. He was a co-founder of the Alliance for Enterprise Security Risk Management, a partnership between ISSA, ISACA and ASIS, formed to address the enterprise risk issues associated with the convergence of logical and traditional security.

Reavis has been an international board member of ISSA and formerly served as the association’s executive director. He currently serves in an advisory capacity for many of the industry's most successful companies.

Reavis founded SecurityPortal in 1998 and has been an advisor on the launch of many industry ventures. He was also formerly chief marketing officer for VIGILANTe, a European security software company. He has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist.

 

Moderator: Robert E. Stroud, CGEIT, CRISC

Vice President, Innovation and Strategy, CA Technologies
INSIGHTS 2012 Conference Co-Chair

Stroud is a vice president at CA Technologies and the global evangelist for service management, governance and cloud computing. He is a globally recognized author, contributor, strategist, speaker and authority on the delivery of operations and the enterprise governance of IT. He brings his significant practical industry experience to this role including the implementation, contribution to, and writing of good practices, working with the analyst community and the global practitioner community. In his role, he is dedicated to the continuing development of industry best practices and assisting organizations deliver solutions that leverage these best practices and deliver enterprise governance of IT.



EP7:  Governance/Board Insights: A Panel Discussion

Governance experts share their insights on:

  • Changing organizational culture to understand that business reforms are owned by business leaders
  • How to achieve alignment between the business and IT
  • Board members and executives being up to the job when it comes to managing business and IT investments
  • Cost benefit analysis and benefits realization
  • Innovation's impact on an organization's future success


Stephen Ibaraki

Advisor to Global Board, Global IT Community Association (GITCA)

Stephen Ibaraki holds more than 50 national and international awards, roles and recognitions. A sampling of Ibaraki's elections include: founding CIPS Fellow; founding NPA Distinguished Fellow; founding first Global GITCA Fellow; Canadian IT Hall of Fame; Global Hall of Fame.

Ibaraki has received multiple lifetime achievement awards and multiple leadership and technology awards from industry, business, government, media, academia and education, and he serves internationally in more than 30 concurrent senior roles.

 

James Golden, CISM, CGEIT, CRISC

Associate Partner IT Governance and Cyber Security, IBM

Golden is a results-oriented executive with knowledge and experience in the management and governance of information and information technology in very large enterprises. He has a proven track record in IT governance, risk management and information security, and has served on multiple advisory committees and professional boards in these disciplines. He has also very successfully run several very large multi-million-dollar programs that have achieved or exceeded corporate/business objectives by focusing on organization and planning, resources management, behavioral change management, transparency, and accountability with all programs on time, of high quality, and under budget.


Peter R. Gleason

Managing Director & CIO, National Association of Corporate Directors

Gleason is managing director for the National Association of Corporate Directors (NACD), devoted exclusively to serving the information and educational needs of corporate directors. He is a member of NACD’s national faculty and a frequent presenter on governance topics. He currently hosts NACD BoardVision, appearing on CNBC’s SquawkBox and PowerLunch, Reuters TV and NPR’s Marketplace, and is regularly quoted in the national media.  He oversees all of NACD’s Blue Ribbon Commission Reports, and has served as a Commissioner on each report issued over the past 11 years, including the most recent releases on Lead Director, Performance Metrics, Audit Committees, and Risk Governance.  Gleason is currently a member of the Business Advisory Board of Nura Life Sciences, LLC, a privately-held, development-stage health care company and is a past director of The Patriot Fund. He was also a member of the Executive Advisory Panel for the Open Compliance & Ethics Group (OCEG).   

Before joining NACD, Gleason was a management consultant with both Ernst & Young and with Pritchett & Associates.  In addition, Gleason spent eight years in the research department at Institutional Shareholder Services including service as vice president and director of US Research. 


Moderator: Tony Hayes, CGEIT

Associate Director General of the Department of Communities, Queensland Government

Tony Hayes is international vice president of ISACA and associate director-general, Department of Communities, Queensland. He has extensive experience across the Queensland public sector in a variety of senior executive positions in line and central agencies. He has worked on various government projects, change management initiatives and task forces, and in line management positions in many departments in the Queensland Government. Recently, he has worked in Queensland Health, the former Service Delivery and Performance Commission, the Public Service Commission and now the Department of Communities.

Hayes has specialist experience and skills in strategic management and planning, organizational review and business process improvement, information and business strategy development, change management, and project management.


 

Interviews

I1:  Crisis Management: Lessons Learned from Recent Global Catastrophes

Discussion topics to include:

  • Managing information to ensure effective decision making during a crisis
  • Business and IT Aspects of Business Continuity Planning
  • Knowledge sharing
  • Impact on global institutional memory
  • Information sharing and coordination
  • Who’s responsible and what are they responsible for?
  • Lessons learned from the floods in Australia, the earthquake in Japan and other disasters

Guest: Tony Hayes, CGEIT

Associate Director General of the Department of Communities, Queensland Government

Tony Hayes is international vice president of ISACA and associate director-general, Department of Communities, Queensland. He has extensive experience across the Queensland public sector in a variety of senior executive positions in line and central agencies. He has worked on various government projects, change management initiatives and task forces, and in line management positions in many departments in the Queensland Government. Recently, he has worked in Queensland Health, the former Service Delivery and Performance Commission, the Public Service Commission and now the Department of Communities.

Hayes has specialist experience and skills in strategic management and planning, organizational review and business process improvement, information and business strategy development, change management, and project management.


Guest: Hironori Goto, CGEIT, CISM, CISA, CRISC

Deputy Operations Head, AXA Technology Services Japan

Goto is the deputy “end to end” operation head at AXA Technology Services Japan, where he has full BCM responsibility. Goto’s first experience activating DRP/BCP/BCM occurred in March 2011. He has since renewed the program at AXA. Previously, Goto was with the Ford Motor Company.

 

 


Host: Marc Vael, CISA, CISM, CGEIT

Chief Audit Executive, Smals

Vael started the IT audit department at Arthur Andersen Belgium with two colleagues. In 2002, he became director at KPMG Advisory Belgium, and was also national CISO and data protection officer until 2007. Currently Vael is chief audit executive at Smals, a Belgian IT company with more than 1800 employees working primarily for Belgian Federal Social Security Institutions.

Vael has more than 15 years of active experience in evaluating, designing, implementing and monitoring solutions on risk and information security management, incident and business continuity management, data protection/privacy and IT audit. He is a passionate speaker and published author involved with research and innovation in his core expertise domains. Vael has been a guest lecturer at AMS and a deputy member of the Flemish Privacy Commission since 2010.



I2:  The Impact of Privacy on Business

Discussion topics to include:

  • Privacy as a road block to an organization’s ability to grow
  • Is there a different approach to privacy?
  • Role of the Chief Privacy Officer in ensuring organization’s overall success
  • How do organizations innovate when privacy issues get in their way?

Guest: Janet F. Chapman

SVP & Chief Privacy Officer, Union Bank

Chapman serves as senior vice president, chief privacy officer and manager, corporate compliance, at Union Bank in San Francisco. Union Bank is among the top 25 largest banks in the United States.

She also serves as vice chair of the Privacy Working Committee of the Financial Services Roundtable (FSR) and as a member of the FSR BITS Regulatory Steering Committee and the Advisory Board for the International Association of Privacy Professionals (IAPP)’s Privacy Tracker. She is a founding member of the advisory board of the Ponemon Institute’s Responsible Information Management Council, a Certified Information Privacy Professional (CIPP) and a frequent speaker on privacy issues.

Chapman is the former chief privacy officer (CPO) for The Charles Schwab Corporation. Prior to that, Chapman also served as a member of the Board of Directors of the International Association of Privacy Professionals (IAPP), and chair of the Privacy Committee of the Securities Industry and Financial Markets Association (SIFMA).


Guest: Leslie Lambert, CISM, CRISC

Vice President & Chief Information Security Officer, Juniper Networks

Leslie Lambert is vice president of information technology and chief information security officer (CISO) at Juniper Networks, a leading security vendor serving thousands of enterprise customers worldwide. Lambert is responsible for overall IT Security Management, including intrusion detection, threat vulnerability assessments, incident management, security awareness, prevention and protection against SPAM and malware attacks, policies/standards/procedures development and deployment. Lambert has 30 years of experience in Information Technology and technical/business infrastructure.

Prior to joining Juniper Networks, Ms. Lambert was with Sun Microsystems, Inc. and held several critical IT roles: chief information security officer, vice president of IT strategy and architecture, vice president of service management and systems engineering practices, vice president of demand creation systems IT, as well as vice president of both the iPlanet and Software Systems Group divisions.

Lambert’s experiences range from Control Systems Design to the delivery, implementation and management of IT systems and infrastructure. Her experience covers the industries of oil and gas, engineering and construction, evaluation research, customer training, CAD/CAE, and information technology, where she gained significant hands-on operational, architectural, and management experience.


Aaron Weller, CISA, CISM, CGEIT

Managing Director, PricewaterhouseCoopers, LLC, Data Protection and Privacy Practice

Aaron Weller is a managing director in PwC’s Data Protection & Privacy practice. Weller helps organizations understand the information that is important to them, and the business processes that use it. He then assists with designing and implementing appropriate processes and technologies to optimize the benefits received from this data while managing the risks.

Prior to his role at PwC, Weller spent 15 years in a variety of consulting and operational roles including time spent as a director of information security and technology risk & security manager. He also co-founded and managed a privacy consulting firm.

Weller holds a number of certifications and credentials including CIPP/IT, CISSP-ISSMP, ISO27001 Lead Implementer and CGEIT. He also holds a certificate in Information Assurance and Cybersecurity from the University of Washington.

Weller served a term as Vice President of the Puget Sound chapter of the Information Systems Security Association and held a board position with ISACA in Australia. He has presented on information security at a national and international level and has authored several white papers.


Host: Markus Bittner, CISA, CISM, CGEIT

Executive Director, Straight Advisor LTD
INSIGHTS 2012 Conference Task Force Member

Markus Bittner spent several years as head of IT in the logistics field of the German Air Force and as IT security and safety consultant for an insurance related consulting company.  He was also a manager and partner for two big audit firms. Since 2004, Bittner has been executive and managing director of Straight Advisors focusing on privacy, IT security, IT governance and compliance, and IT evaluation. 

  



I3:  Cyber Security: The Evolving Landscape

Discussion to provide insights:

  • Changing threats.
  • What is immediately around the corner?
  • Corporate espionage to common information sharing.
  • Cyber harassment’s impact on the business related issues.
  • Moving from physical to cyber world.

Guest: Dr. Udo Helmbrecht

Director, European Network and Information Security Agency (ENISA)

Helmbrecht has more than 30 years of professional management experience in the IT sector. His experience in the field of security has been acquired through various sectors of society, which include: energy industry, insurance, engineering, aviation, defense, and space industry. He became the president of the German Federal Office for Information Security (BSI) in 2003. He has held a variety of lectures on IT security and data processing at universities in Dortmund and Munich.

Helmbrecht took office as executive director of the European Network and Information Security Agency (ENISA) in October 2009.


Guest: Lee Badger

IT Specialist, Computer Security Division, Systems & Emerging Technologies Security Research Group, National Institute of Standards and Technology

Lee Badger is a computer scientist at the National Institute of Standards and Technology (NIST), and manages the Security Components and Mechanisms group in the Computer Security Division of NIST’s Information Technology Laboratory. Badger has over 20 years of experience with computer security research, with a focus on operating systems and access control. Prior to joining NIST in 2008, Badger served as a Defense Advanced Research Projects Agency (DARPA) program manager for 6 years where he funded and managed a variety of programs focusing on self-regenerating systems, intrusion tolerance, self-defending applications, software security analysis, and software producibility. Prior to joining DARPA, Badger led development efforts culminating in implementations of Domain and Type Enforcement (DTE) for UNIX, a DTE-enforcing firewall, a Generic Software Wrappers system for UNIX, and application of software wrappers for intrusion detection.


Host: Marc Vael, CISA, CISM, CGEIT

Chief Audit Executive, Smals

Vael started the IT audit department at Arthur Andersen Belgium with two colleagues. In 2002, he became director at KPMG Advisory Belgium, and was also national CISO and data protection officer until 2007. Currently Vael is chief audit executive at Smals, a Belgian IT company with more than 1800 employees working primarily for Belgian Federal Social Security Institutions.

Vael has more than 15 years of active experience in evaluating, designing, implementing and monitoring solutions on risk and information security management, incident and business continuity management, data protection/privacy and IT audit. He is a passionate speaker and published author involved with research and innovation in his core expertise domains. Vael has been a guest lecturer at AMS and a deputy member of the Flemish Privacy Commission since 2010.



I4:  What Happens When You Mix Chaos, Pirates, Counterfeiters and Geeks

Discussion to provide insights on:

  • Dangers of allowing online criminals to behave exactly like the Barbary pirates of 200 years ago
  • Impact of globalization on IT security
  • Cutting through the hype surrounding security to focus on what organizations really need to do to protect themselves from online threats

Guest: Marcus Sachs

Vice President, National Security Policy, Verizon Communications

Sachs is also Vice Chair of the Communications Sector Coordinating Council. He serves on several other public/private working groups in Washington and was a member of the CSIS Commission on Cyber Security for the 44th Presidency. From 2003 to 2010 he volunteered as Director of the SANS Internet Storm Center. He retired from the U.S. Army in 2001 following a 20-year career and was appointed by the President to serve in the White House Office of Cyberspace Security in 2002-2003.


Host: Ramsés Gallego, CISM, CGEIT

Security Strategist and Evangelist, Quest Software

Ramsés Gallego is security strategist and evangelist at Quest Software, where he also oversees the deployment of services. With a background in business administration and law, Gallego has more than 15 years of security experience with expertise in risk management and governance. Before joining Quest Software, he worked at CA Technologies for eight years, was regional manager for SurfControl in Spain and Portugal, and most recently was chief strategy officer of the security and risk management practice at Entelgy.



I5:  Good to Great to Global: Impact of Technology Making the World Smaller

Discussion to provide insights on:

  • Going from a domestic to global operating model
  • Evolving staffing requirements and impact on recruiting
  • New corporate risk profile of a global company
  • What type of image are organizations creating for visiting domestic staff, potential recruiting activities and potential client base?

 

Guest: David Foote

CEO, Foote Partners LLC

Foote is an IT industry research pioneer, innovator, and one of the most quoted industry authorities on global IT workforce trends and multiple facets of the human side of technology value creation. His two decades of groundbreaking research and analysis of IT-business cross-skilling and the integration of technology and business management, and his leadership in developing innovative skills demand and compensation benchmarking has won him a place on a short list of thought leaders in these areas. A keen predictive trends analyst for more than 20 years, he built his reputation at Gartner, META Group, and at several Silicon Valley technology companies prior to co-founding Foote Partners in 1997. There he leads a senior team of former McKinsey & Company, Gartner and Towers Watson analysts and consultants, and former HR, IT and business executives and managers, in publishing more than 100 quarterly-updated IT benchmark and market trends reports supported by continuous data collection involving 127,000 IT and IT-business hybrid professionals at 2,350 research partner companies. A popular featured opinion columnist, conference speaker, Web communicator, and regular contributor to countless online, print, radio, and television media sources, Foote’s research-backed forecasts and analyses reach a weekly global audience of millions of business and technology professionals.


Guest: Theodore Wolff, CISA

Senior IT Manager, Vanguard

As a senior manager at Vanguard with leadership responsibility for the corporate IT audit group, Wolff has filled various staff and leadership roles during his 20 years of audit experience with large financial institutions such as Wachovia Corporation and FleetBoston Financial Group. During his audit career, he has championed concepts such as integrated auditing and continuous auditing practices.

 

Host: The Honorable Theresa Grafenstine, CISA, CGEIT, CRISC

Inspector General, U.S. House of Representatives
INSIGHTS 2012 Conference Task Force Member

Grafenstine is the fourth person and first woman to be appointed as the Inspector General of the House. She has been with the House OIG since 1998. During her time with the House OIG, Grafenstine led many ground-breaking audits, including the first-ever review of the House Complex fire and emergency response program, as well as numerous security and internal control assessments, including the deployment of Active Directory and the House payroll and financial management systems.



I6:  Social Media: The Internet of People

Discussion to provide insights on:

  • As a business what should we be doing?
  • Generational diversity.
  • Business impact of social media’s ability to overthrow governments.
  • Proper strategy and protection.
  • Role of social media in innovation.

Guest: Jeff Auker

Director Advisory, PricewaterhouseCoopers

Auker is a leader of PwC's global Customer Impact practice, with more than 15 years of executive and consulting experience driving the modernization of enterprise marketing, strategy, and collaborative business practices. Auker also leads PwC's cross-industry, global thinking on the value and risks that social media and collaborative tools bring to today's enterprise, including unlocking the business intelligence present in social media conversations, creating and nurturing digitally enabled communities, and measuring and optimizing sustained social engagements.

Prior to joining PwC, Auker held executive positions in strategy, marketing, ecommerce and communications at The Hartford, following his earlier career leading and developing high-tech and dot-com startups in various industries including electronic security, insurance and ecommerce.

 

Guest: Christopher Curran

Principal Advisory, PricewaterhouseCoopers, LLC

Chris Curran is a principal and technology strategy and innovation leader for PwC. In this role, he directs PwC's development of new market offerings and intellectual capital and its group of deep business and technology experts. Curran also leads the firm’s Innovation Labs, a proving ground for innovative mobile, social media, smart systems, e-commerce and other complex technology concepts.

Curran helps clients create their next competitive advantage by applying information technology to drive both business growth and cost efficiency. He has helped CIOs define their IT organizations, IT management practices, governance structures and enterprise architectures at some of the most robust and successful enterprises in operation today and has successfully led teams on dozens of mission-critical, $100+ million projects.

Curran’s industry experience spans insurance, healthcare, retail, consumer products, software and telecommunications. Prior to joining PwC, Curran was a partner, CTO and member of the management committee with Diamond Management & Technology Consultants.

Guest: Husam Brohi, CISA

Director, PricewaterhouseCoopers

Brohi is a director in PwC’s Risk Assurance practice. He has more than nine years of experience specializing in both assurance and advisory services, with a specific concentration in organization design, program strategy and planning, and regulatory compliance.

During the past five years Brohi has been advising large and complex financial service clients in the strategy through implementation of programs designed to meet commitments to federal regulatory bodies. He is also responsible for and involved in a wide range of assignments that include: IT Risk Management Experience, Key Risk Monitoring Experience, Information Security Policy Development and Deployment Experience, and Privacy and Data Protection. Brohi’s certifications include CISSP, CISA and CPHIT.

 

Guest: PWC Panel Strategy and Innovation Readiness and Execution Risk Management

 

Host: The Honorable Theresa Grafenstine, CISA, CGEIT, CRISC

Inspector General, U.S. House of Representatives
INSIGHTS 2012 Conference Task Force Member

Grafenstine is the fourth person and first woman to be appointed as the Inspector General of the House. She has been with the House OIG since 1998. During her time with the House OIG, Grafenstine led many ground-breaking audits, including the first-ever review of the House Complex fire and emergency response program, as well as numerous security and internal control assessments, including the deployment of Active Directory and the House payroll and financial management systems.

 



I7:  Attracting and Retaining the Right Workforce

Discussion to provide insights on:

  • Changing role of technology leaders in a global market.
  • Attracting and hiring the right talent for your organization.
  • Retaining talent.
  • Developing talent

Guest: Todd Weinman

President, Weinman Group
INSIGHTS 2012 Task Force Co-Chair

Todd Weinman is the president and chief recruiting officer of The Weinman Group, an executive search firm serving the audit and GRC (governance, risk and compliance) niche.

Now in his 17th year focusing on this niche, Weinman has become a trusted advisor to companies in their search for outstanding talent, and to audit and GRC professionals looking to accelerate their careers.

Weinman is a previous winner of the California Association of Personnel Consultants (now CSP) “Consultant of the Year” award as the top recruiter in the state of California. He is a frequent presenter for ISACA and IIA, and various other organizations. Over the past decade, he has been actively involved in ISACA leadership roles both at the International and chapter level. Weinman has written articles and/or been interviewed for a variety of publications, including the Wall Street Journal.


Host: Jo Stewart-Rattray, CISA, CISM, CGEIT, CRISC

Director of Information Security and IT Assurance, BRM Holdich

Stewart-Rattray is director of information security and IT assurance at BRM Holdich. She has more than 25 years of experience in the IT field, some of which were spent as CIO in the utilities space, and 16 years in the information security arena. She specializes in consulting in information security issues, with a particular emphasis on governance in both the commercial and operational areas of businesses. Stewart-Rattray provides strategic advice to organizations across a number of industry sectors, including banking and finance, utilities, automotive manufacturing, tertiary education, retail and government.



I8:  Emergence of Extreme DevOps

Discussion to provide insights on:

  • Communication, collaboration and integration – the DevOps movement.
  • Factors driving the emergence of DevOps?
  • Challenges with DevOps implementation.
  • Is there a greater potential for fraud?
  • Concept of segregation of duties.
  • Impact on innovation and business.

Guest: Glenn O’Donnell

Senior Analyst, Forrester Research

O’Donnell is widely regarded as a top thought leader in automation, service management, IT operations, and the broader social implications of technology evolution, leveraging his 31 years of IT experience. His specialties are in IT automation, IT management software, configuration and change management, and operational excellence. He is the co-author of The CMDB Imperative, the popular book on best practices for designing, managing and leveraging configuration management information.

Prior to joining Forrester, O’Donnell was a major force in transforming EMC’s resource management software business, as a marketing lead and strategic contributor. He is also a former analyst at META Group, where he also covered IT operations and management software. Most of his career encompassed 21 years in various companies within the Bell System, including Western Electric, Bell Labs, AT&T, and finally, Lucent Technologies, where he held increasingly influential roles in technology development, IT operations, and enterprise architecture.

Host: Larry Lam, CISA

Larry C.K. Lam, Managing Director, Maguire Asia
INSIGHTS 2012 Conference Task Force Co-Chair

Larry Lam is a consultant and trainer in the areas of financial investigation, anti-money laundering, ISMS, IT assessment, internal control review, fraud risk management and corporate governance advisory. His clients include banks, MNCs, and law enforcement agencies in Asia such as commercial crime bureau, customs, casino regulatory authority and anti-corruption agency.

For ten years prior to pursuing his passion in lecturing and consulting, he was the executive vice president and chief auditor of a large bank in Singapore where he headed a team of about 200 auditors posted in various countries in Asia.

Prior to relocating to Singapore, he held audit management positions at Stanford University, University of California and Coopers & Lybrand’s office in San Francisco. Prior to that, he spent 3.5 years as a programmer/analyst developing and maintaining financial systems for Walt Disney Company’s headquarters.

 



I9:  The Future of Risk Management

Discussion to provide insights on:

  • Is there too much risk management?
  • Could non-compliance be proper risk management?
  • Convergence of cyber security and risk management.
  • Impact on an organization’s ability to innovate.


Guest: Deborah Luthi

Deborah Luthi, Enterprise Risk Manager, San Francisco Public Utilities Commission, President RIMS

On the RIMS board of directors, Luthi has been the liaison to the External Affairs Committee, Professional Development Committee, and Member & Chapter Services Committee. Prior to this, she served on the Technology Advisory Council, the Executive Council, the Nominating Committee and the Strategic Planning Taskforce, and was chair of the Member & Chapter Services Committee. Luthi is a member of the RIMS Golden Gate Chapter as well as the RIMS Sacramento Valley Chapter, which she helped to co-found in 1991. Luthi, an ARM, has focused on the art (and science) of risk management. In November 2010 she joined the San Francisco Public Utilities Commission, where she leads the PUC’s Enterprise Risk Management Program. Previously, Luthi was director, ERM for Matheson, Inc., bringing her transportation experience as risk manager for Sacramento Regional Transit District and two Fortune 500 companies. Prior to Matheson, Luthi was director of risk management at the University of California, Davis, where she focused on promoting ERM in higher education. In 2009 Luthi was named to Business Insurance’s Women to Watch list.

 

Guest: Allan Boardman, CISA, CISM, CGEIT, CRISC

Allan Boardman, Vice President, Morgan Stanley

Allan Boardman is information risk manager at Morgan Stanley. He is a past president of the ISACA London Chapter and he has also served on ISACA’s CISM Certification Committee, the Credentialing Board and the Leadership Development Committee. He currently chairs ISACA’s Credentialing Board and is a member of its Strategic Advisory Council.

He began his career with Deloitte in Cape Town and has more than 30 years of experience in IT audit, risk, security and consultancy roles at companies such as JPMorgan Chase, Goldman Sachs, KPMG, PricewaterhouseCoopers, Marks and Spencer, and the London Stock Exchange. Boardman has served on the British Computer Society’s Information Risk Management and Audit committee.

 

Host: Michael Juergens, CISA, CGEIT, CRISC

Michael Juergens, Principal, Audit Enterprise Risk Services, Deloitte and Touche, LLP
INSIGHTS 2012 Conference Co-Chair

Michael Juergens serves as the Deloitte Pacific Southwest control assurance practice leader and is a national champion of the organization’s spreadsheet management solutions service offering. He has more than 16 years of professional experience and serves a number of Fortune 500 clients as the lead or advisory internal controls principal.

Juergens speaks nationally on internal controls topics and is the primary author of the Institute of Internal Auditor’s Global Technology Audit Guide 5, Management of IT Auditing. He has primary responsibility for ISACA's technical training program, and serves on various committees and task forces for ISACA and The Institute of Internal Auditors.  


 

Spotlight Sessions

SP1:  COBIT 5 for Information Security in The Spotlight

Released at INSIGHTS 2012 – Learn more about COBIT 5 for Information Security.

Discussion Leader: Christos Dimitriadis, CISA, CISM, CRISC

Head of Information Security, Intralot S.A.


SP2:  Privileged Access Management: Securing Access to Privileged Accounts

Learn about emerging issues, current research and the latest products and services available. These sessions are designed to be open sessions led by ISACA’s top facilitators, industry leaders and key solution providers. Topics will be announced at the conference.

Hitachi ID


SP3:  ISACA Research Spotlight

Let’s talk research. ISACA leaders and staff will share the latest research activities underway and want to hear your insights on future activities.


SP4:  Social Media:  What are the risks and how do you manage them?

This session will provide background on what social media is all about, the potential benefits (how organizations are taking advantage), and the potential risks (how organizations are identifying and managing). The rapid growth of social media comes with a number of real risks that range from data leakage and reputation damage to loss of employee productivity. We will discuss how an organization can take steps to identify relevant social media risks, and how to rank and address these risks in order of significance.

Khalid Wasti, CISA

Director, Deloitte & Touche, LLP


 

Forums

Discussion leaders will generate dialogue and debate around hot issues that impact the integration of technology and business. These sessions are designed to be thought-provoking and interactive. Audience participation is encouraged. To ensure effectiveness, space is limited.

F1:  Creating a Culture of Intentional Innovation

Join this round table discussion to hear what others are doing to:

  • Encourage people to do things differently in a mature organization
  • Sell their ideas
  • Help mature companies innovate
  • Leverage collaborative tools
  • Innovate or die

Facilitator: Michael Kearney

Michael Kearney, Partner, Deloitte & Touche LLP

Kearney leads Deloitte’s Client Experience Labs, physical environments that bring facilitation, content and design to help clients and account teams solve complex issues. He focuses on executive transition, organizational alignment, relationship development, and customizing the client experience. Prior to his current role, Kearney led a national Innovation team focused on the identification, development and delivery of new market offerings, including Sarbanes-Oxley, governance and risk management, smart grid, and cloud computing. 

 

Facilitator: Kate Lydon

Kate Lydon, Project Lead Experience Design and Brand Strategy, IDEO

As a design strategist, creative director, and project lead, Kate Lydon is focused on creating resonant, holistic experiences. Since joining IDEO in 2008, Lydon has led award-winning work—from designing learning platforms in India to rethinking sustainability for the hospitality industry. She has worked on a breadth of challenges, from revamping government organizations to creating new brands to choreographing customer-centric retail experiences and reframing energy use.

Lydon is passionate about design as a means to solve complex, systemic issues, and believes in the power of collaborative design to inspire and connect. Her work is informed by a passion for cultural trends, community, and storytelling. Prior to joining IDEO, Lydon was an architect at Fernau & Hartman and a creative director at the Smithsonian.



F2:  Big Data — Looking Forward

Join this round table discussion to learn more about:

  • What is new about Big Data?
  • Big Data’s impact on business decisions and innovation
  • Business integration
  • The new ROI for Big Data
  • Concerns with everyone having access

Discussion Leader: David Foote

David Foote, CEO, Foote Partners LLC

Foote is an IT industry research pioneer, innovator, and one of the most quoted industry authorities on global IT workforce trends and multiple facets of the human side of technology value creation. His two decades of groundbreaking research and analysis of IT-business cross-skilling and the integration of technology and business management, and his leadership in developing innovative skills demand and compensation benchmarking, have won him a place on a short list of thought leaders in these areas. A keen predictive trends analyst for more than 20 years, he built his reputation at Gartner, META Group, and at several Silicon Valley technology companies prior to co-founding Foote Partners in 1997. There he leads a senior team of former McKinsey & Company, Gartner and Towers Watson analysts and consultants, and former HR, IT and business executives and managers, in publishing more than 100 quarterly-updated IT benchmark and market trends reports supported by continuous data collection involving 127,000 IT and IT-business hybrid professionals at 2,350 research partner companies. A popular featured opinion columnist, conference speaker, Web communicator, and regular contributor to countless online, print, radio, and television media sources, Foote’s research-backed forecasts and analyses reach a weekly global audience of millions of business and technology professionals.



F3:  IT's Role in Business Drivers 

Join this roundtable discussion to learn more about:

  • Information as the business integrator.
  • Roles moving from CIO to Chief Integration Officer
  • Preparing work force for these changes.
  • Impact on organization’s ability to innovate if they don’t find the talent.
  • Artist vs. scientist – creativity vs. standardization

Discussion Leader: Glenn O’Donnell

Glenn O'Donnell, Senior Analyst, Forrester Research

O’Donnell is widely regarded as a top thought leader in automation, service management, IT operations, and the broader social implications of technology evolution, leveraging his 31 years of IT experience. His specialties are in IT automation, IT management software, configuration and change management, and operational excellence. He is the co-author of The CMDB Imperative, the popular book on best practices for designing, managing and leveraging configuration management information.

Prior to joining Forrester, O’Donnell was a major force in transforming EMC’s resource management software business, as a marketing lead and strategic contributor. He is also a former analyst at META Group, where he covered IT operations and management software. Most of his career encompassed 21 years in various companies within the Bell System, including Western Electric, Bell Labs, AT&T, and finally, Lucent Technologies, where he held increasingly influential roles in technology development, IT operations, and enterprise architecture.




F4:  ISAE 3402/SSAE 16/SAS 70: A Waste of Time?

Join this roundtable discussion designed to debate the value of reporting requirements. Topics to include:

  • Are they needed?
  • Do they provide more assurance?
  • What is the value to business?
  • Who benefits? 

Discussion Leader: Phillip J. Lageschulte, CGEIT

Partner, KPMG

Phil Lageschulte is a partner with KPMG’s Advisory Services practice, the global service line leader for KPMG’s IT internal audit services practice and a member of KPMG’s Global Cloud Steering Committee. He has spent his career working with companies in the insurance industry, and has 22 years of experience providing information technology consulting and attestation services to clients across a variety of industries including insurance, healthcare, distribution, consumer retail, and data services. Lageschulte spent the first 11 years of his career with KPMG performing a variety of audit-related services within KPMG’s insurance audit practice. Over the last 11 years of his career he has advised clients in managing the business risk related to technology including security, business continuity, ERP implementations, IT audit, IT governance, Sarbanes-Oxley, and technology attestation.




F5:  Bring Your Own Devices (BYOD)

Join this round table discussion to share BYOD challenges, insights and solutions.  

Facilitator: Ramsés Gallego, CISM, CGEIT

Ramsés Gallego, Security Strategist and Evangelist, Quest Software

Ramsés Gallego is security strategist and evangelist at Quest Software, where he also oversees the deployment of services. With a background in business administration and law, Gallego has more than 15 years of security experience with expertise in risk management and governance. Before joining Quest Software, he worked at CA Technologies for eight years, was regional manager for SurfControl in Spain and Portugal, and most recently was chief strategy officer of the security and risk management practice at Entelgy.



F6:  Technology Trends 2012

In this session, Deloitte thought leaders will provide an overview of the recent 2012 Emerging Technology Trends report, and provide the opportunity for an interactive “deep dive” session on several key topics: Emerging trends, impact on businesses, and what leading class organizations are doing to address the intersection of business and IT. Join this round table discussion to gain insights on:

  • Rising issues
  • Future impact on business
  • How leading class organizations are addressing the intersection of business and IT.

Discussion Leader: Michael Juergens, CISA, CGEIT, CRISC

Michael Juergens, Principal, Audit Enterprise Risk Services, Deloitte and Touche, LLP
INSIGHTS 2012 Conference Co-Chair   

Michael Juergens serves as the Deloitte Pacific Southwest control assurance practice leader and is a national champion of the organization’s spreadsheet management solutions service offering. He has more than 16 years of professional experience and serves a number of Fortune 500 clients as the lead or advisory internal controls principal.

Juergens speaks nationally on internal controls topics and is the primary author of the Institute of Internal Auditor’s Global Technology Audit Guide 5, Management of IT Auditing. He has primary responsibility for ISACA's technical training program, and serves on various committees and task forces for ISACA and The Institute of Internal Auditors.

 


F7:  Emerging Regulations

Join this roundtable discussion to learn more about:

  • Big impact regulations, what are they?
  • Impact of these regulations.
  • How to prepare for them.

Discussion Leader: Larry Lam, CISA

Larry C.K. Lam, Managing Director, Maguire Asia
INSIGHTS 2012 Conference Task Force Member

Larry Lam is a consultant and trainer in the areas of financial investigation, anti-money laundering, ISMS, IT assessment, internal control review, fraud risk management and corporate governance advisory. His clients include banks, MNCs, and law enforcement agencies in Asia such as commercial crime bureau, customs, casino regulatory authority and anti-corruption agency.

For ten years prior to pursuing his passion in lecturing and consulting, he was the executive vice president and chief auditor of a large bank in Singapore where he headed a team of about 200 auditors posted in various countries in Asia.

Prior to relocating to Singapore, he held audit management positions at Stanford University, University of California and Coopers & Lybrand’s office in San Francisco. Prior to that, he spent 3.5 years as a programmer/analyst developing and maintaining financial systems for Walt Disney Company’s headquarters.

 

Discussion Leader: Vernon Poole, CISM, CGEIT, CRISC

Vernon Poole, Head of Business Consultancy, Sapphire

As head of Business Consultancy at Sapphire, Poole addresses information governance and best practice standards on information security management and associated areas (ISO27000 series; ITIL; COBIT; Val IT; New Business Model for Information Security, Continuous Auditing and BCP). Poole has worked with many organizations in developing tailored information security governance models to enable clients to benchmark their information security improvements.

He is a member of ISACA’s COBIT 5.0 Task Force, Information Security Management Committee and IT Governance Institute, a CISM trainer and a frequent speaker at ISACA global conferences. He is a thought leader for developing the new Business Model for Information Security (BMIS). Poole started in consultancy with Capita and has over 20 years of experience in information security management consultancy and training. He has also worked in the public sector and with Aid to Industry (UK audit and security training group).



F8:  CEO's Perspective on IT and Business

Join this round table discussion to gain useful insights from PricewaterhouseCoopers’ latest Global CEO Survey including:

  • CEO’s perspectives on technology
  • Impact of these perspectives on an enterprise’s success

Discussion Leader: Cristina C. Ampil

Cristina Ampil, Managing Director, Thought Leadership Institute, PricewaterhouseCoopers

Ampil leads a team of senior research fellows who articulate PwC's distinctive points of view on business issues of significant concern to the C-Suite: strategy and growth, risk, regulation, governance, talent, operations, technology and innovation, and sustainability.

Ampil helps drive the strategic direction of thought leadership in the firm. Currently, she focuses on the transition of PwC thought leadership to digital formats and channels. For 10 years, Ampil led the research consulting practice within the Hospitality and Leisure group at PricewaterhouseCoopers. Her research team prepared industry fundamental analyses and forecasts for equity research analysts at investment banks, including Institutional Investor-rated analysts. Her team also performed strategic research assignments for senior management and boards at major hospitality and leisure companies.

  


 

Luncheon Sessions

Enjoy lunch and stay for an insightful discussion.

L1:  Elevating Business Through Technology

Leading technology suppliers share their thoughts on the impact of technology on an organization's overall success.

Guests: Microsoft, Hitachi ID Solutions



L2:  Emerging Threats, Trends, Items of Concern in Cyber Space

An engaging and realistic luncheon discussion with top experts on cyber space, covering the impact of cyber attacks, speed of attacks, risk management, disclosure obligations and other current issues and trends.

Guest: John Bumgarner

John Bumgarner, CTO, U.S. Cyber Consequences Unit

Guest: Lee Badger

Lee Badger, IT Specialist, Computer Security Division, Systems & Emerging Technologies Security Research Group, National Institute of Standards and Technology

Lee Badger is a computer scientist at the National Institute of Standards and Technology (NIST), and manages the Security Components and Mechanisms group in the Computer Security Division of NIST’s Information Technology Laboratory. Badger has over 20 years of experience with computer security research, with a focus on operating systems and access control. Prior to joining NIST in 2008, Badger served as a Defense Advanced Research Projects Agency (DARPA) program manager for 6 years where he funded and managed a variety of programs focusing on self-regenerating systems, intrusion tolerance, self-defending applications, software security analysis, and software producibility. Prior to joining DARPA, Badger led development efforts culminating in implementations of Domain and Type Enforcement (DTE) for UNIX, a DTE-enforcing firewall, a Generic Software Wrappers system for UNIX, and application of software wrappers for intrusion detection.


Guest: Marcus Sachs

Marcus Sachs, Vice President, National Security Policy, Verizon Communications

Sachs is also Vice Chair of the Communications Sector Coordinating Council. He serves on several other public/private working groups in Washington and was a member of the CSIS Commission on Cyber Security for the 44th Presidency. From 2003 to 2010 he volunteered as Director of the SANS Internet Storm Center. He retired from the U.S. Army in 2001 following a 20-year career and was appointed by the President to serve in the White House Office of Cyberspace Security in 2002-2003.

Host: Michael Juergens

Michael Juergens, CISA, CGEIT, CRISC, Principal, Audit Enterprise Risk Services, Deloitte and Touche, LLP

Michael Juergens serves as the Deloitte Pacific Southwest control assurance practice leader and is a national champion of the organization’s spreadsheet management solutions service offering. He has more than 16 years of professional experience and serves a number of Fortune 500 clients as the lead or advisory internal controls principal.

Juergens speaks nationally on internal controls topics and is the primary author of the Institute of Internal Auditor’s Global Technology Audit Guide 5, Management of IT Auditing. He has primary responsibility for ISACA's technical training program, and serves on various committees and task forces for ISACA and The Institute of Internal Auditors.
