North America CACS 2019 Conference: Computer Audit, Control and Security 


North America CACS 2018 Highlights

North America CACS 2018 Highlights Watch Now >>



Opening Keynote Speaker

Guy KawasakiGuy Kawasaki
Silicon-Valley based author, speaker, entrepreneur, and evangelist
More >>


Closing Keynote Speaker

Sekou AndrewsSekou Andrews
Poetic Voice, CEO/Founder, SekouWorld Inc.
More >>




Review highlights from 2018 CACS Conferences

North America CACS and EuroCACS: 2018 Conference Report

See What’s Next at North America CACS 2019. Don’t Miss Your Best Chance to Save on the Top Audit, Control and Security Event in North America—Sign Up Now!


Register Early and Save US $400! Use the code NAC400 at checkout to redeem your discount before it expires 16 November 2018!

Stay ahead of trends and tools across your professional landscape. Join us at North America CACS 2019, 13-15 May in Anaheim, California, and be a part of the top conference for IS audit and security professionals!

North America CACS 2018 broke records! Don't miss next year's exciting encore with:

  • Dozens of new sessions for you customize toward your goals
  • More in-depth options for advanced learning
  • Enhanced networking opportunities

Review the content from 2018’s event brochure and video, and come back for additional conference updates as they become available!

North America CACS 2018 Brochure Download


Choose from dynamic, timely topics that help you address challenges and learn innovative solutions.


Enjoy direct access to industry leaders, expert speakers and valuable resources.



Countdown to



Earn up to 39 CPE hours by attending this conference.

Join the Conversation

North America CACS Testimonials



Anaheim Marriott

700 West Convention Way
Anaheim, CA 92802

Phone: 714.750.8000
Hotel Website

See the Event Destination tab for more information.

Follow @ISACANews and join the North America CACS conversation by using the hashtag #NACACS.
Like ISACA on Facebook to stay informed.
Follow @ISACANews on Instagram to see behind the scenes photos of the conference.
Follow ISACA’s Company page on LinkedIn for updates.

Thank You to Our 2018 Premium Sponsors!


Vanguard Integrity Professionals

Deloitte & Touche




SAI Global







Qualys, Inc.

Redgate Software

Winterhawk Consulting



The North America CACS Conference is the premier conference for Audit/Assurance, COBIT, Compliance, Risk, Security, and Strategy/Governance professionals. This year’s program will include sessions on:

As the program is developed, we will continue to add information to this page – check back frequently for updates!


Opening Keynote Speaker

Guy KawasakiGuy Kawasaki
Silicon-Valley based author, speaker, entrepreneur, and evangelist

Guy Kawasaki is the chief evangelist of Canva, an online graphic design tool. He is a brand ambassador for Mercedes-Benz and an executive fellow of the Haas School of Business (UC Berkeley). More >>

Closing Keynote Speaker

Sekou AndrewSekou Andrew
Poetic Voice, CEO/Founder, SekouWorld Inc.

A week in the life of poetic voice, Sekou Andrews, could find him keynoting at a leadership conference, helping a Fortune 500 company with brand messaging, or performing for Barack Obama in Oprah Winfrey’s backyard. More >>


ISACA will be hosting a variety of 1-day and 2-day workshops immediately before and after the North America CACS Conference in 2019 to help you maximize your time, travel and CPE! Information on these workshops will be posted soon, so be sure to check back for more details!

New in 2019! Workshop materials will be electronically provided to attendees one week in advance of the conference. If you have not received materials by 3 May 2019 please contact

2-day Pre-Conference Workshops (14 CPE)
Saturday, 11 May & Sunday, 12 May 2019

1-Day Post-Conference Workshops (7 CPE)
Wednesday, 15 May & Thursday, 16 May 2019


 Panel Sessions Panel Sessions

Saturday, 11 May


8:00AM – 5:00PM

Registration Desk Open

8:00AM – 9:00AM

Workshop Breakfast

9:00AM – 5:00PM

WS1—CSX Penetration Testing Overview
WS2—COBIT 2019 Foundation Course
WS3—Cybersecurity Audit Certificate Program
WS4—CISA Exam Prep Course

12:30PM – 1:30PM

Workshop Lunch

5:30PM – 6:30PM

Welcome Reception

Sunday, 12 May


8:00AM – 6:00PM

Registration Desk Open

8:00AM – 9:00AM

Workshop Breakfast

9:00AM – 5:00PM

WS1—CSX Penetration Testing Overview
WS2—COBIT 2019 Foundation Course
WS3—Cybersecurity Audit Certificate Program
WS4—CISA Exam Prep Course

12:30PM – 1:30PM

Workshop Lunch

Monday, 13 May


6:30AM – 8:30AM

Continental Breakfast

7:00AM – 7:15PM

Registration Desk & Innovation Exchange Open

8:00AM – 9:30AM

Opening General Session & Keynote Presenter
Leadership Brief by BOD

9:30AM – 9:45AM

Movement Break

9:45AM – 10:45AM

111—Performing IT Audits in the Era of Emoji’s, Meme’s & LOL’s
112—Understanding an Email Server and How to Review & Secure One
113—What Senior Executives Want to See in Security KPI/Metrics
114—Security Unstructured Data – What you Don’t know Can & Will Hurt You
115—Resilient by Design: Hacking Your Way to Enterprise Compliance
116—Improving Organizational Investigations & Response Coordination with Playbooks
117—SOC Reports: Reducing the Risk of Service Providers
118—A New Rubric for IT Recruiting and Retention
119—Bridging the Gap Between Information Security & IT Audit

10:45AM – 11:15AM

Networking Break

11:15AM – 12:15PM

121—Understanding Covert Channels of Communication
122—Anatomy of a Nation-State Attack
123—Digital Risk Management: An Imperative for Auditors
124—Auditing Big Data Systems
125—Agile, DevOps & Compliance
126—Security Threats & Trends in 2019 & Impact on Threat Response
127—How Secure Are Your Vendors? Third Party Risk Management in Information Security
128—Creating a Land of Opportunity, Part 1
129—Reduce Risk & Increase Productivity by Utilizing Cross Functional Collaboration

12:15PM – 1:45PM


1:45PM – 2:45PM

131—eDiscovery – Understanding Attorney Requests for Search & Preservation
132—Is AI Becoming the Firewall of 2003? Finding the Just Right Use Cases For AI & ML
133—IT Risk Management Project Governance as a Strategic Imperative
134—Operationalize Your Data Map: Getting the Most Out of your Data Mapping Efforts
135—California Consumer Privacy Act 2018 – Is it GDPR for California?
136—Breached! Lessons from the Biggies
137—Trusting Cloud Services Providers Security: Understanding your CSP’s Shared
138—Creating a Land of Opportunity, Part 2
139—Being Relevant: Aligning Your Security Program with the Business

2:45PM – 3:00PM

Movement Break

3:00PM – 4:00PM

141—Incorporating Security Practices into Business Practices
142—Safeguarding Web Applications: A Different Perspective
143—Providing Assurance over the Internet of Things
144—Data Analytics – The Road to AI: Lessons Learned from Automation, Earning Releases & Risk Modeling
145—What is Required in the HIPAA Risk Analysis?
146—Cyber Incident Response Planning
147—How to Ensure Vendor Compliance & the Mitigation of Third Party Risks
148—The Auditor of Tomorrow
149—Communicating Your Cybersecurity Efforts to Stakeholders

4:00PM – 4:30PM

Networking Break

4:30PM – 5:30PM

151—Auditing CSP’s The Devil is in the Details
152—How to Operationalize Cybersecurity: Turning Policy into Action
153—Rethinking Identity Risk: Applying an Integrated Risk Management Approach to Identity Risk
154—What’s in Your Release? Analytics for DevSecOps
155—Data Sharing – Risks & Controls
156—How to Audit Incident Response Plans
157—Both Sides of the Coin: A Bilateral View of the Vendor Risk Management Process
158—Information Coming Soon
159—Strategies for Getting Audit Working Effectively with Security & Risk

5:30PM – 7:30PM

Networking Reception in Innovation Exchange

5:45PM – 6:15PM

Spotlight Sessions

6:30PM – 7:00PM

Spotlight Sessions

Tuesday, 14 May


6:30AM – 8:00AM

Continental Breakfast

7:30AM – 4:00PM

Innovation Exchange Open

8:00AM – 9:15AM

Disruptive Technologies Panel  Panel Sessions

9:15AM – 9:30AM

Movement Break

9:30AM – 10:30AM

211—AWS for Auditors
212—Cloud Insecurity: The Need for Stronger Identity Management
213—New Work Program for Assessing Machine Identity Risk
214—Keeping Pace with Adoption of Disruptive Technologies & Auditing Their Risks
215—10 Reasons Companies Fail PCI DSS Assessments
216—Part 1: When SIEM Is Not Your Friend
217—GDPR Article 28: Operationalizing Third & Fourth Party Vendor Risk Management
218—The Journey to Become a CISO and Why They Don’t Run with Scissors  Panel Sessions
219—Information Coming Soon – SheLeadsTech Programming

10:30AM – 11:00AM

Networking Break

11:00AM – 12:00PM

221—Preparing for the Security Audit – Is Your ERP Ready?
222—Legacy to Greenfield – Migrating to a Zero Trust Model with Microsegmentation
223—Blockchain & Cryptocurrency Emerging Regulations in the USA
224—Protect Your Data Against Insider Threats
225—Information Coming Soon
226—Part 2: Extending your Incident Response Capabilities with Sysmon
227—Trust But Verify- Why Your Supply Chain is Weaker Than You Think
228—CISO/ISO Roundtable – Open Discussions Where we Won't Tell the Auditors  Panel Sessions
229—Information Coming Soon – SheLeadsTech Programming

12:00PM – 1:30PM


1:30PM – 2:30PM

231—Using Network Forensic Techniques to Detect Threats
232—Identifying Critical Flaws in Hardened Active Directory Environments
233—Cyber Insurance: You Thought You Were Protected, but Are You?
234—Information Coming Soon
235—Chasing the Privacy Risk Monster Within your Organization
236—Incident & Breach Management: Building a Harmonized Response Plan for Privacy & Security Teams
237—Improve Your Vendor Management with COBIT 5
238—39 Ways to Work with the Board
239—Women Leaders in Tech: Remarkable Journeys  Panel Sessions

2:30PM – 300PM

Networking Break

3:00PM – 400PM

241—Designing Security Assessments for Building Automation Systems
242—Physical Data Security
243—Practical Threat Modeling
244—Building a Defensible Data Destruction Strategy For Structured & Unstructured Data
245—Compliance in an Age of Ongoing Innovation  Panel Sessions
246—Incident Response - Practical Survival Guide
247—Information Coming Soon
248—Why Emotional Intelligence & Critical Thinking Skills are Essential
249—Information Coming Soon – SheLeadsTech Programming

4:15PM – 4:45PM

Spotlight Sessions

5:00PM – 7:00PM

Social Event

Wednesday, 15 May


6:30AM – 8:00AM

Continental Breakfast

7:30AM – 5:00PM

Registration Desk Open

8:00AM – 900AM

311—Emerging IT Audit Issues Panel  Panel Sessions
312—Information Coming Soon
313—Risk Management in a Disruptor Economy & Era
314—The Future Pitfalls of Security Toady – More Data, Less Information, More Noise, Less Signal
315—Using PCI DSS to comply with GDPR
316—Information Coming Soon
317—Managing Cyber Risks in an Increasingly Outsourced World
318—The Impact of Burnout
319—The Cultural Elephant in the Room

9:00AM – 9:15AM

Movement Break

9:15AM – 10:15AM

321—Are Trust Stores Park of Your PKI Audit?
322—Security and the Internet of Everything Panel  Panel Sessions
323—The Dark Web: The Myths, Reality & The Risks
324—Partner US Digital Risk Solutions Leader
325—Bulletproof your GRC Program
326—Information Coming Soon
327—Information Coming Soon
328—Information Coming Soon
329—Information Coming Soon

10:15AM – 10:45AM

Networking Break

10:45AM – 12:00PM

Closing General Session & Keynote Presenter
Leadership Brief by BOD

12:00PM – 1:00PM


1:00PM – 5:00PM

WS5—Hands on Technical Survey of Cybersecurity – A Primer for Auditors
WS6—Hands-on Forensics for Audit
WS7—Launching an IT Audit Analytics Program, Starting with Value-add RPA
WS8—Risk Management & Communication

Thursday, 16 May


8:00AM – 12:00PM

Registration Desk Open

9:00AM – 12:00PM

WS5—Hands on Technical Survey of Cybersecurity – A Primer for Auditors
WS6—Hands-on Forensics for Audit
WS7—Launching an IT Audit Analytics Program, Starting with Value-add RPA
WS8—Risk Management & Communication


Continuing Professional Education Credits

To maintain ISACA certifications, certification holders are required to earn 120 CPE credit hours over a three-year period in accordance with ISACA’s continuing professional education (CPE) policy. Attendees can earn up to 39 CPE credits; 18 by attending North America CACS 2019, 14 for the pre-conference workshops and 7 for the post conference workshops. ISACA conferences are Group Live and do not require any advanced preparation.

Please note that the session scanners at the Conference do not track CPE credit hours. You will still need to allocate your CPE hours in “My ISACA” following the conference. Certificates of Attendance will be accessible via your MyISACA account. To view your certificate, log into your account and navigate to the “myDOWNLOADS & CERTIFICATES” tab. There you will find a “MY CPE CERTIFICATES” section where all of your ISACA event CPE Certificates will live.

Your Certificate of Attendance details the maximum number of CPE hours you could have earned by attending this event. CPE policies for each ISACA certification, as well as details on how to report your CPE hours, are available here on ISACA’s website. Reporting can also be done by submitting information on the annual renewal invoice.

Conference Registration Fees


Register and pay before 11:59PM CDT (UTC-6) on Friday, 10 May 2019
Member US $1,745
Non-member US $1,945

Register and pay after Friday, 10 May 2019
Member US $1,945
Non-member US $2,145

Two-Day Workshops
WS1—CSX Penetration Testing Overview US $1149 member/non-member
WS2—COBIT 2019 Foundation Course US $1000 member/non-member
WS3—ISACA’s Cybersecurity Audit Certificate Program   US $1249 member/non-member
WS4—CISA Exam Prep Course US $1099 member/non-member

One-Day Workshops
WS5—Hands on Technical Survey of Cybersecurity US $899 member/non-member
WS6—Hands-on Forensics for Audit US $650 member/$850 non-member
WS7—Launching an IT Audit Analytics Program   US $650 member/$850 non-member
WS8—Risk Management & Communication US $650 member/$850 non-member

Cancellation Deadline:

12 April 2019

Justify your Attendance

Registration and Payment Policy

Registration submissions for this conference and any additional workshops are not processed, and a seat is not confirmed or reserved, until full payment is received. All submissions not paid in full will be placed on a waitlist and priority will be given to paid registrants in a payment first-come, first-serve basis. Space is limited, so it is highly recommended that payment is provided at the time of submission to guarantee a seat within the conference and all related events.

Registration rate is determined by the date payment is received by ISACA HQ and current membership status. Please plan accordingly, as it may take 10 or more business days for a wire transfer or mailed check to reach ISACA. Should we receive payment after a registration rate deadline, your account will be adjusted to reflect the current due amount. Entrance to the conference and all related events is contingent upon full payment.

Discounts for the Conference are available, detailed below. In order to verify eligibility for any of these discounts, please contact or +1.847.660.5670. Note that discounts cannot be credited to you after the transaction has been completed.  All discounts are applied to the main conference registration fee, and cannot be applied to workshop registrations. 

You must be 21 years of age or older to attend this event.

Group Discounts

ISACA offers discounts to organizations sending 4 or more employees to a single conference. Group registrations must be processed in a single registration transaction. Please contact the ISACA Conference department for more details at +1.847.660.5670 or; cannot be combined with any other registration discount offerings.

Government Discounts

ISACA offers a $350 conference registration discount to government employees. Please contact the ISACA Conference department for more details and eligibility verification at +1.847.660.5670 or; cannot be combined with any other registration discount offerings.

Academic and Student Discounts

ISACA offers a $350 discount to academic institution employees and students. Please note that you must be an ISACA Student member in order to receive the student discount; additional membership and qualification details can be found here. For additional registration details and eligibility verification, please contact ISACA’s Conference Department at +1.847.660.5670 or; cannot be combined with any other registration discount offerings.

Cancellation Policy

All cancellations must be received by the published deadline to receive a refund of registration fees. A cancellation charge of US $295 will be subtracted from conference refunds, and US $50 per workshop from workshop refunds. No refunds can be given after the cancellation deadline above. Attendee substitution is permitted at any time until the conference. If a nonmember is substituting a member, then there will be additional nonmember fees.

NOTE: Registration is contingent upon full payment of the registration fee. To guarantee registration, conference fees must be received by the published deadline. It may take 10 or more business days for a wire transfer or mailed check to reach ISACA, so please plan accordingly. If, for any reason, ISACA must cancel a course or event, liability is limited solely to the registration fees paid. ISACA is not responsible for other expenses incurred, including travel and accommodation fees. For more information regarding administrative policies, please contact the ISACA conference department.
Phone: +1.847.660.5670
Fax: +1.847.253.1443

Payment Methods

  1. Pay online at
  2. Mail your payment to:
    1055 Paysphere Circle
    Chicago, IL 60674 USA
  3. Bank Wires—send electronic payments in US dollars to:
    Bank of America
    135 S. LaSalle St.
    Chicago, IL 60603
    ABA #0260-0959-3
    ISACA Account #22-71578
    S.W.I.F.T. code BOFAUS3N
    * Please include attendees name on the Advice of Transfer.


ISACA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISACA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISACA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices. All materials used in the preparation and delivery of presentations on behalf of ISACA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISACA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers.

Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Not a member of ISACA? Join today!

When you register for the conference as a nonmember, the difference between member and nonmember conference fees can be applied towards ISACA membership. This means you can become a member at the international and chapter level for little to no additional cost; it just depends on your local chapter dues. To take advantage of this great offer, check the box on the registration form. For more information about ISACA membership, visit the web site at or contact the membership department at

NOTE: This offer expires 30 days after completion of the event. Nonmembers pay the nonmember conference fee when registering.

Consent Language for Photos, Audio and Video Recordings Taken at Events or for Marketing Purposes

I agree irrevocably and free of charge that ISACA or any third party who is acting on ISACA’s behalf may create images, videos and/or sound recordings of me (“works”) at the event for marketing purposes. For these purposes, the granting of rights in the works also includes the rights to adapt, reproduce, distribute, perform, making available to the public, broadcast, retransmit or sublicense the works to ISACA’s affiliates. The granting of rights in the works also includes all current and future media, goes beyond the repetition of an event and is not restricted to time or territory. View ISACA’s Privacy Notice >>


Business casual is appropriate for this and all ISACA conference events.

Welcome to Anaheim!

“I believe in being an innovator.” -Walt Disney. Join innovators of all kinds in Anaheim, California, for North America CACS 2019. Explore the city beyond the conference with new developments in the Packing District and the Center Street Promenade. Take in a baseball game with the Los Angeles Angels or experience the sights and sounds of Disneyland during your stay!

Conference Venue

Anaheim Convention Center

800 W Katella Ave.
Anaheim, CA 92802

All conference events will take place at the Anaheim Convention Center, unless explicitly noted in the event schedule. ISACA highly recommends that attendees stay at the Anaheim Marriott, located next to the Convention Center – see full hotel details below.

Headquarter Hotel

Anaheim Marriott

700 West Convention Way
Anaheim, CA 92802

Phone: 714.750.8000
Hotel Website

Click Here to Make Your Reservation!

ISACA Group Rate:  $195.00 + taxes/fees per night, single/double occupancy

Group Rate Deadline: Sunday, 21 April 2019
*Room rate shown is subject to appropriate state, local, and occupancy taxes. These taxes are currently 15% occupancy, 2% Anaheim Tourism Improvement District Assessment, and California State Tourism fee of USD $0.94 with Occupancy Tax of USD $0.14 per room night occupied.

There are a limited number of rooms available at ISACA’s Group Room Rate and reservations will be handled on a first come-first served basis. All reservations made after the deadline or after the room block fills, are subject to space and rate availability. In order to guarantee hotel reservations, guests will be required to provide credit card and will be charged a deposit equal to one-night rate plus taxes and fees. Cancellations with full refund will be allowed up until 72 hours prior to the arrival date of the reservation.

Next to the Anaheim Convention Center, you’ll love the convenient location in the heart of Anaheim’s Resort District! The Anaheim Marriott is just steps from the Anaheim Convention Center and walking distance to Disneyland®. This upscale hotel is a short distance to the excitement of Angel Stadium and concerts at the House of Blues. Additional features include a cutting-edge gym, resort-like outdoor pool, rejuvenating whirlpool and it is home to nFuse - known for an extensive bourbon collection, specialty cocktails and mouthwatering California cuisine using the freshest ingredients from the nFuse Garden.



Help Us to Help You!

For the best possible experience, ISACA strongly encourages conference delegates to stay at the host hotel. It is the most convenient location for attendees to be able to participate in all conference activities at a negotiated price. In addition, every reservation made for those attending CSX 2018 North America helps ISACA fulfill its commitment to the hotel, in turn allowing ISACA to continue to keep the cost of both conference fees and membership dues as low as possible.

Please note: ISACA will never contact you with guest room promotions offering a better deal. With the advent of discount aggregators or housing “pirates,” if you experience a problem with a “pirate” reservation, ISACA cannot assist you. However, please know that ISACA staff will work with you to resolve issues that may arise if you make your reservation through the ISACA-provided housing registration link. 

Thank You to Our 2018 Sponsors!




Qadium provides you with the complete solution you need to define and secure your perimeter. Our smart perimeter solution started in DARPA and today powers the world’s largest organizations with a near real-time, outside-in solution.

Our global Internet intelligence platform offers large organizations complete visibility into and actionable insights about their true network perimeters to mitigate security risks – including beyond-the-firewall “unknown unknowns” like shadow IT in cloud hosting, assets lost during M&A events, regional offices violating policy, and more.

We offer a variety of engagements – enterprise-ready quarterly perimeter audits, hands-on clean-up projects and smart perimeter software subscriptions, that complete the cybersecurity stack.

Come to booth 106 and see why organizations like CVS, PayPal, Capital One, and Allergan trust Qadium to define and secure their perimeters.



RSA Business-Driven Security™ solutions help customers comprehensively and rapidly link security incidents with business context, enabling them to respond effectively and protect what matters most. Our award-winning solutions for threat detection and response, identity and access assurance, consumer fraud protection, and business risk management help RSA customers thrive in an uncertain, high-risk world.


Vanguard Integrity Professionals

Vanguard Integrity Professionals provides enterprise security software and services that solve complex security and regulatory compliance challenges for financial, insurance, healthcare, education, transportation and government agencies around the world. Vanguard provides Cybersecurity Solutions Securing any Enterprise. The world’s largest Financial, Insurance, Government Agencies and Retailers entrust their security to Vanguard Integrity Professionals. Vanguard is committed to protecting and securing the Cloud, zOS Security Server and Enterprise environments. Vanguard provides 24/7/365 live customer support from the United States of America.




Deloitte & Touche

Deloitte Risk and Financial Advisory helps organizations effectively navigate business risks and opportunities—from strategic, reputation, and financial risks to operational, cyber, and regulatory risks—to gain competitive advantage. We apply our experience in ongoing business operations and corporate lifecycle events to help clients become stronger and more resilient. Our market-leading teams help clients embrace complexity to accelerate performance, disrupt through innovation, and lead in their industries.







OneTrust is a global leader in enterprise privacy management software used by more than 1,500 organisations to comply with data privacy regulations across jurisdictions, including the EU GDPR.

Powered by deep privacy research, our comprehensive and integrated platform includes readiness assessments, privacy impact assessments (PIA/DPIA), data mapping automation, website scanning and cookie compliance, subject rights and consent management, incident reporting, and vendor risk management.

OneTrust is co-headquartered in London, UK and Atlanta, GA with a global team of privacy and technology experts. OneTrust is backed by the founders of Manhattan Associates (NASDAQ: MANH) and AirWatch ($1.54B acq by VMware).



Protiviti is a global consulting firm that delivers deep expertise, objective insights, a tailored approach and unparalleled collaboration to help leaders face the future with confidence. Through our network of more than 70 offices in over 20 countries, Protiviti and our independently owned Member Firms provide our clients with consulting solutions in finance, technology, operations, data analytics, governance, risk and internal audit.


SAI Global

SAI Global helps organizations proactively manage risk to create trust and achieve business excellence, growth, and sustainability. Our integrated risk management solutions are a combination of leading capabilities, services and advisory offerings that operate across the entire risk lifecycle allowing businesses to focus elsewhere. Together, these tools and knowledge enable clients to develop a holistic, integrated view of risk.

We have global reach with locations across Europe, the Middle East, Africa, the Americas, Asia and the Pacific. For more visit



SecurityScorecard helps enterprises gain operational command of their security posture and the security posture of their ecosystems through continuous, non-intrusive monitoring. The company’s approach to security focuses on identifying vulnerabilities from an outside-in perspective, the same way a hacker would. SecurityScorecard’s proprietary SaaS platform offers an unmatched breadth and depth of critical data points including a broad range of risk categories such as Web, Application Security, Patching Cadence, Network Security, Hacker Chatter, Social Engineering, and Leaked Credentials, DNS Health, Endpoint Security, IP Reputation and Cubit Score. To receive an email with your company’s current score, please visit



SureCloud provides Governance, Risk & Compliance (GRC) applications and Cybersecurity services that give our customers certainty – of risk management/compliance, of cybersecurity, of having answers today and tomorrow.

Established in 2006, SureCloud is headquartered in the United Kingdom and has offices in the United States. SureCloud has more than 400 customers throughout the UK and US from the Retail, Financial Services, Government and other sectors.

We exist to help chief information security officers, CIOs, risk and compliance leaders, legal teams and others answer critical questions:

  • Are we managing risk or is risk managing us?
  • Are we compliant? Is our information technology secure?
  • Are we certain . . . today, tomorrow?




ACL is a global software company with innovative solutions to help IT professionals keep their processes in check and protect their organization’s reputation. Through a unique combination of extreme ease-of-use, cloud delivery and the integration of industry standard risk analytics, ACL’s platform helps organizations manage risks and assure effective governance. Learn more at our booth and



Saviynt is a leading provider of Cloud Security and Identity Governance solutions. Saviynt enables enterprises to secure applications, data and infrastructure in a single platform for Cloud (Office 365, AWS, Salesforce, Workday) and Enterprise (SAP, Oracle EBS, Epic, Cerner). Saviynt delivers IGA 2.0 by integrating advanced risk analytics with fine-grained privilege management.





The Fastpath Assure suite is a cloud-based audit platform that can track, review, approve and mitigate access risks across multiple systems from a single dashboard. The suite comes with a pre-configured segregation of duties rule set specific to each ERP and works across a variety of ERP/CRM systems.



LogRhythm, a leader in NextGen SIEM, empowers organizations on six continents to measurably reduce risk by rapidly detecting, responding to and neutralizing cyberthreats. LogRhythm’s Threat Lifecycle Management (TLM) workflow is the foundation for security operations centers, helping customers secure their cloud, physical, and virtual infrastructures for IT and OT environments.


Qualys, Inc.

Qualys, Inc. is a pioneer and leading provider of cloud-based security and compliance solutions that help organizations streamline and consolidate their security and compliance solutions and build security into digital transformation. The Qualys Cloud Platform and its integrated Cloud Apps deliver businesses critical security intelligence continuously across global IT assets.


Redgate Software

Redgate is the leading provider of software tools for the Microsoft data platform. Our products are used by 800,000 IT professionals to solve problems they face every day, including maintaining data privacy, protection, and compliance.


Winterhawk Consulting

Winterhawk Consulting offers comprehensive solutions and services related to SAP Security Authorizations, SAP Role Design, and Audit to meet client’s increasingly complex compliance needs. In addition, we offer implementation and support services across all SAP GRC products, as well as HANA and fully licensed and managed Cloud Hosted solutions.




Supporting Sponsors




Focal Point Data Risk





ISACA Chicago Chapter




MIS Training Institute

Morgan Kai Group

Office of the Comptroller of the Currency

Onspring Technologies


Plante & Moran



Salty Cloud




Wolters Kluwer TeamMate

Innovation Sessions

IN1–7 Steps to Building a SOC with Limited Resources | LogRhythm, Inc
Monday, 30 April | 12:00PM – 12:20PM

IN2–Internal Audit Innovation: Structured Methods to Unlock New Value | Deloitte & Touche LLP
Monday, 30 April | 12:30PM – 12:50PM

IN3–Cyber Risk - How Do We Know If We’re Doing Enough? | RSA Archer
Monday, 30 April | 3:50PM – 4:10PM

IN4–Privacy First – What Does it Mean for the Database? | Redgate Software
Tuesday, 1 May | 8:00AM – 8:20AM

IN5–Create a Unified Approach to Continuous Compliance | Qualys, Inc.
Tuesday, 1 May | 9:50AM – 10:00AM

IN6–The 4-Facet Foundation of a Good Security Controls Framework | Winterhawk Consulting
Tuesday, 1 May | 11:45AM – 12:05PM

IN7–Intelligent Automation and its Impact on the Audit | KPMG
Tuesday, 1 May | 12:15PM – 12:35PM


For Exhibitor and Sponsorship Opportunities

Please contact: 

Sean Stringer
Director, Sponsorship
Phone: +1.847.660.5729
Fax: +1.847.253.1443



Contact ISACA's Learning Solutions Department:
Tel: +1.847.660.5670
Fax: +1.847.253.1443
Click here to submit a question.

Media Inquiries

Contact the ISACA Communications Department:
Tel: +1.847.660.5512 or

Please address Sponsorship questions to: