Local chapter events are key to creating a community of like-minded professionals and sharing knowledge with your peers. Throughout the year, this chapter hosts regular monthly chapter luncheon meetings, an annual conference in the spring, and other training opportunities and social events.

Please check back often for updates on upcoming events designed just for you. If you have suggestions for an event, please send your comments to chapter leadership.


Link to Register for Upcoming Events

March 20, 2018: 2018 Top Cybersecurity Risks and Areas of Focus

Location – Columbia Tower – Downtown Seattle
11:30 am – 1:00 pm

Pricing - Register by 3/16/18

$30 members/$40 non-members for luncheon
(1 CPE)

Presentation abstract:
Enterprise cybersecurity is an ever-changing landscape, with threats evolving due to next-generation technologies and ongoing changes to business models. These changes make it challenging for management and Boards to understand their organization’s cyber risk, or perceived lack of risk, based on the nature of their business. This topic explores the cybersecurity implications of key trends in the marketplace affecting organizations of all sizes. During this session, we will discuss areas of focus that every public and private organization should assess as part of their cyber risk management program.

Topics will include:
1. The present cybersecurity landscape and trends in incidents/breaches
2. The cybersecurity risk management areas of focus for organizations
3. The cybersecurity risk management journey for organizations
4. Regulatory developments impacting cyber risk management program initiatives
5. Cybersecurity risk management program reporting

Speaker Bios:

Speaker: Jennifer Mak – EY, Advisory Manager 

Jennifer Mak is a Manager in EY’s Advisory Cybersecurity practice.  Based in San Francisco, Jennifer has seven years of experience with a variety of industries and Fortune 500 organizations, including technology, telecommunications, financial services, and aerospace & defense.  She helps clients assess, design, and implement initiatives (operational and strategic) related to cloud security, mobile security, data protection, and data privacy.  Jennifer graduated from the University of Virginia as a Commerce major concentrating in Information Technology & Finance.  Jennifer is a Certified Information Systems Security Professional (CISSP), Certified Information Privacy Technologist (CIPT), Certified Information Systems Auditor (CISA), Payment Card Industry Qualified Security Assessor (PCI QSA), as well as an ISO 27001:2013 Lead Implementer / Lead Auditor trained resource.

Speaker: Chris Olson – EY, Advisory Senior Manager 
Chris Olson is a Senior Manager in EY’s Advisory Risk Assurance practice.  Based in Seattle, Chris has over twelve years of experience with a variety of industries and Fortune 500 organizations, including technology, telecommunications, consumer products, and aerospace & defense.  Today, he works with customers of all shapes and sizes helping mature organizations in their IT compliance, governance, service organization reporting, and information security programs.  Chris graduated from The University of Washington with majors in Accounting and Information Systems and is a Certified Public Accountant (CPA) and Certified Information Systems Security Professional (CISSP).


2018 Spring Seminar

"The Data Breach Era: Not If, But When…"

Bell Harbor Conference Center - Seattle Waterfront

Mon, Apr 23, 2018, 8:30 AM – 4:30 PM
Tue, Apr 24, 2018, 8:30 AM - 4:30 PM

ISACA Spring Seminar Schedule

Registration fee:
$300 for Members
$450 for Non-members
13 CPE hours

We are unable to accommodate walk-ins; registration must be completed by April 18th.

Day 1:

8:30am - 4:30pm (Registration opens at 8:00am)

Opening Speaker
Cybersecure Your Business: View from the FTC
Charles Harwood
Director of the Federal Trade Commission’s Northwest Regional Office

Companies that consider data security from the start, by assessing their options and making reasonable choices based on the nature of their business and the sensitivity of the information involved, can significantly reduce exposure to data loss and compromise. From information collection policies and product design through training, transmission, storage, monitoring, and disposition, planning is fundamental to managing data risks. Law enforcement actions by the FTC and other agencies provide important guidance concerning the risks companies should consider in their planning and risk assessment exercises. This talk will use examples from more than 60 FTC data security-related law enforcement actions to help you think about common risks and reasonable responses.


Be Heard in the C of Priorities
James Habben
Forensics Investigator at Verizon

There are a lot of projects demanding resources from executive leadership. Information Security is an important initiative and we need to make sure we work within the needs of the business and effectively communicate the risks and solutions. Make sure your requests are heard.


Security Breaches - A Survival Kit
Dhanesh Gandhi
Senior Specialist at KPMG Cyber Practice
Steven J. Morrison
Director, KPMG Cyber Response Services

As many organizations are recognizing and experiencing first-hand, cyber-attacks are no longer a matter of if, but when. Recent cyber breaches at major corporations highlight the increasing sophistication, stealth, and persistence of cyber-attacks that organizations are facing today. Join our discussion where KPMG shares insights on themes such as what ground zero on the day of a breach looks like and what strategies organizations need to implement to mitigate the impact of future breaches in a chaotic environment.


Reconnaissance - What hackers do to prepare for an attack
Trey Blalock
Owner of Verification Labs

Techniques used by attackers operating at different scales to scope out a company’s Internet presence, identify the location of critical assets, locate third-party connections, identify weaknesses in systems, and then exploit these weaknesses in a variety of ways. Specifically, this talk will showcase the vast amount of information available to attackers which allows them to continuously map an organization's attack surface and find areas of opportunity.


Automating Defenses, Incident Response, and Forensics
Trey Blalock
Owner of Verification Labs

A discussion of problems with traditional security deployments and how automating responses to attacks can make a huge impact on what attackers can do, radically increasing the effort required to compromise systems and steal data. This is followed by a walkthrough of how to automate incident response across an entire environment, including a discussion of automated forensics.


Closing Speaker
Finding the Weakest Security Link
Joan Ross
President of CISO Advisory Services

Business networks are complex ecosystems that are constantly interconnecting. Assets are now spread out far and wide, increasing the difficulty for the security team to understand and evaluate the protections in place. Security industry expectations are that organizations are routinely applying security management frameworks to identify the weak links, but security teams experience significant challenges in not only accomplishing their priority tasks, but in managing the expectations from limited budgets compared to burgeoning business operations. In this session, we’ll discuss:

 · The Big 10 areas of cybersecurity weakness that security professionals struggle with 24/7/365.
 · The laser focus necessary to deter, defend, and develop resilient security improvements to stay ahead.
 · The ethical challenges security teams at times face from executive expectations – it’s never perfect security.
 · Five initiatives every security team should lead their organizations in putting in place.
 · The importance of security mentorship – how to build strong teams and bring others into the profession.


Day 2

8:30am - 4:30pm

Opening Speaker 

Your data will be HAS BEEN breached. Now what?
Sean Murphy
CISO at Premera Blue Cross

The frequency and impact of data breaches in the healthcare industry show no signs of slowing. Most realize the issues have moved past, “It is not if, it is when.” Today, the question has become, “when is now, so now what?” Join us for a keynote discussion on the best practices in data breach response and recovery. How an organization prepares for an event will determine the impact on an organization both in the short-term and the long-term. Customer experience, reputation repair, and some financial bottom line data are directly related to prompt and effective response and recovery. Incident response has quickly become an important measure of cybersecurity due diligence. The best time to prepare for the data breach is last year… the next best time is today. Attendees will benefit from personal experience, lessons learned, some of which are recounted in Sean’s book, “Healthcare Information Security and Privacy,” and other industry best practices shared in this relevant and timely presentation.

Protecting Critical Assets in the Information Age
Ilanko Subramaniam
Director of Risk & Data Protection Services at Templar Shield

What is the most complex enterprise risk faced by an organization of this era? Why are companies more interested than ever in understanding and protecting their crown jewels, their information? Information assets are more valuable than before. This presentation will detail the risk of losing your information assets, including the data on your customers and third parties. Information assets are more valuable and critical to the continued operations of your organization. We will explore industry practices in leveraging security and privacy programs and tools to address emerging risks related to potential data breach and help create focus on “when” and not “if”.

Bryan Marlatt, Director KPMG Cyber Practice

We see in the news, on a regular basis, how companies are getting hacked and how they may have prevented the loss of business partner, client and/or consumer data. Many times, the attack may have been prevented or the loss of data may have been minimized. KPMG will show how they work with their clients to prepare for an attack and what to do if an attack does occur.

Cybersecurity Simulation 2.0: Managing Today’s Crisis for the Enterprise
Aravind Swaminathan
Global Co-Chair of Orrick’s Cyber, Privacy and Data Innovation practice
Jason Smolanoff
Senior Managing Director, Global Practice Leader Cyber Security and Investigations at Kroll

A four-hour simulated cybersecurity incident.

Legal and PR/communications experts have created a hypothetical cybersecurity data breach, ripped right from the current data breach headlines. Designed to mimic the way that a typical data breach incident unfolds, our tabletop exercise will begin with a basic factual scenario (e.g., FBI contact about employee personal data on the dark web; a blog post speculating about a potential security incident, customer complaints of identity theft or fraud). Then, over the course of the exercise, our facilitators will inject new facts into the situation, and give participants a chance to discuss response measures, tactics, and strategies. Our facilitators will guide participants, highlighting best practices and potential pitfalls based on their experience responding to hundreds of similar incidents over the last three years. At the conclusion of the exercise, the facilitators will provide comments and critique of the participants, and offer additional insights into breach incident response.


See you there!

Puget Sound Chapter Board



May 15, 2018: Annual General Meeting
Topic - TBD
Location – Columbia Tower – Downtown Seattle
11:30 am – 1:00 pm