16-18 October 2019 | Geneva, Switzerland

35

CPE Hours Available

Grow Your Network. Enhance Your Knowledge.

Connect with the most dynamic minds and practitioners in information systems audit, control, security and cybersecurity.

Stay ahead of emerging trends and gain new tools, guidance and insight that will help set the course for the future of information systems and cybersecurity—and for your role in vitally important fields that assess, manage, protect, and drive the success of enterprises worldwide.

Join us during ISACA^®'s 50^th-Anniversary Year for our EuroCACS/CSX Conference to be held 16-18 October 2019 in Geneva, Switzerland. Advance your knowledge, skills and career in information systems, business and beyond in this first combined CACS and CSX event that offers a greater focus on expertise developed through ISACA's Cybersecurity Nexus™ (CSX).

Download The Conference Brochure

Secure your place today and save the most on a dynamic global event that brings together the best of ISACA's highly successful CACS and CSX conferences!

2019 EuroCACS/CSX attendees: To view the 2019 Session Presentations, please log into you ISACA account and view them on the Highlights tab.

What's in it for you?

Grow Your Network

Enjoy direct access to leaders and fellow professionals, and interaction with our expert speakers in the breakout sessions and innovators and solutions providers in the Expo Hall.

Enhance Your Knowledge

In addition to fresh perspectives on IS/IT audit, control, risk and governance, this year's programme will dive deeper into information security and cybersecurity's impact across all fields of information systems and technology. Conference track sessions and workshops will feature topics that are current and timely, subject matter that is cutting edge, a thought-leadership perspective that understands today’s industry challenges and is on the leading edge of new ideas.

Who should attend?

EuroCACS/CSX 2019 brings together experts and practitioners in the areas of audit, security, cybersecurity, compliance, risk, privacy, control and IT, from a wide range of industries, including finance, banking, tech services, government, insurance, medical and more.

EuroCACS/CSX sessions are for professionals at any point in their career, with three learning levels, hands-on labs, technical and soft-skill training, lectures, panel discussions and more. There is something for everyone at EuroCACS/CSX 2019.

What is in it for your organisation?

Embrace fresh insights, tools and solutions you can apply immediately in your organisation with your choice of 50+ track sessions.

Share your experiences with fellow conference attendees and bring back their tactics, techniques and stories of hard-earned successes to enlighten and energize your team. Add to your professional value and ready your organisation's ability to see and shape what is coming next for the world of information systems, cybersecurity, technology and business.

Follow @ISACANews and join the EuroCACS/CSX conversation by using the hashtag #EuroCACSCSX.

Like ISACA on Facebook to stay informed.

Follow @ISACANews on Instagram to see behind the scenes photos of the conference.

Follow ISACA’s Company page on LinkedIn for updates.

Continuing Professional Education Credits

To maintain ISACA certifications, certification holders are required to earn 120 CPE credit hours over a 3-year period in accordance with ISACA’s continuing professional education (CPE) policy. Attendees can earn up to 35 CPE credits; 18 by attending EuroCACS/CSX 2019, 3 by attending SheLeadsTech Seminar, and either 14 for a 2-day pre-conference workshop or 7 for a 1-day pre-conference workshop. ISACA conferences are Group Live and do not require any advanced preparation.

Please note that the session scanners at the Conference do not track CPE credit hours. You will still need to allocate your CPE hours in myISACA following the conference. Certificates of Attendance will be accessible via your MyISACA profile 4-6 weeks after the conference. To view your certificate, log into your account at www.isaca.org/MyISACA. Select the “ISACA CPE Records tab” below your dashboard to see your ISACA CPE Certificates.

Your Certificate of Attendance details the maximum number of CPE hours you could have earned by attending this event. CPE policies for each ISACA certification, as well as details on how to report your CPE hours, are available here on ISACA’s website. Reporting can also be done by submitting information on the annual renewal invoice.

Programme

As the programme is developed, we will continue to add information to this page—check back frequently for updates!

Click here for a downloadable version of our Programme

What to Expect

Opening Keynote - Anders Sorman-Nilsson

Anders is a global futurist and innovation strategist who helps leaders decode trends, decipher what's next and turn provocative questions in to proactive strategies. Don’t' miss this highly energetic and fascinating opening keynote address!

Engaging Sessions

Choose from 50+ cutting-edge sessions offering new tools and techniques, and fresh perspectives on information systems audit, control, risk and governance, and others that leverage expertise developed by ISACA’s Cybersecurity Nexus™ (CSX) to provide deeper focus on information security and cybersecurity.

Closing Keynote – Jon Duschinsky

Jon was voted the world's second most influential communicator on social innovation. He will share his expertise by Sparking Change - which involves creating the ideas that amplify the connection between what an organization does and the impact it can have in the world.

50th Anniversary Opening Platform

Featured at ISACA’s CACS conferences and other major events in 2019, ISACA marks its 50th Anniversary with a high-impact multimedia experience. Aligned to ISACA’s anniversary theme, “Honoring Our Past. Innovating Our Future, the live presentations include videos, interactive experiences and inspiring leadership remarks and reflections. ISACA recaps its history, putting the spotlight on founding member interviews, historical artifacts, as well as prompting discussions on progress, challenges and visions of the future.

Cyber Hunt

The Cybersecurity Nexus Cyber Hunt is a live competition which pits participants against each other in a race against themselves and the clock to respond to a multipronged attack while concurrently conducting a penetration test against diverse asset sets. Participants will need to leverage capabilities from all cybersecurity domains, Identify, Protect, Detect, Respond, and Recover, in an attempt to outwit and outsmart other competitors and achieve the highest score!

Interactive Workshops

ISACA will be hosting a variety of 2-day and 1-day workshops immediately before the EuroCACS/CSX Conference in 2019 to help you maximize your time, travel and CPE!

2-day Pre-Conference Workshops (14 CPE)
Monday, 14 October & Tuesday, 15 October 2019

WS1—COBIT 2019 Foundation Course
WS2—Cybersecurity Audit Certificate Programme
WS3—Accelerated CSX® Cybersecurity Practitioner Certification

1-Day Pre-Conference Workshops (7 CPE)
Tuesday, 15 October 2019

WS4—Forensics for Auditors
WS5—7 Critical Factors for Effective Security Program

SheLeadsTech Seminar

SheLeadsTech is holding a ½ day summit on Friday, 18 October following the EuroCACS/CSX event. Join us from 12:30-17:30 as we hear from dynamic speakers. The event begins with a networking lunch and ends with a reception. The event is inclusive and we encourage everyone to join us. We hope to see you there!

SheLeadsTech

Do you have a topic that you think should be offered at this conference? We want to know! Tell us about it by submitting your idea on Twitter using #EuroCACSCSX

NETWORKING RECEPTION IN THE INNOVATION EXCHANGE

Unwind with colleagues in a festive hour of networking and fun!

SCHEDULE

Your Conference Itinerary

Manage Your Itinerary Order is being processed View Your Itinerary

Sessions are still being scheduled for this conference.

You have updated your Itinerary. Please click update to confirm changes.

Moderators

Panelists

Select

You have updated your Itinerary. Please click update to confirm changes.

No results found

Continuing Professional Education Credits

Conference Registration Fees

Full Conference Registration

Register for the full conferences before 11:59PM CT on Friday, 11 October 2019. Optionally attend the workshops the day before and day after the conference.

Member Price: US $1,900.00 + VAT Non-Member Price: US $2,100.00 + VAT Your Price: Login to find out your price

Workshop Only

ISACA will be hosting a variety of 2-day and 1-day workshops immediately before EURO CACS/CSX Conference in 2019 to help you maximize your time, travel and CPE! Information on these workshops will be posted soon, so be sure to check back for more details!

Member Price: Prices vary based on workshop. See individual workshop for details. Non-Member Price: Prices vary based on workshop. See individual workshop for details. Your Price: Login to find out your price

Cancellation Deadline: Friday, 13 September 2019

Volunteers Needed!

Are you interested in volunteering at Euro CACS/CSX 2019?
Check out the volunteer opportunities and save on your CACS/CSX registration today!

Terms and Conditions

Registration and Payment Policy

Registration submissions for this conference and any additional workshops are not processed, and a seat is not confirmed or reserved, until full payment is received. All submissions not paid in full will be placed on a waitlist and priority will be given to paid registrants in a payment first-come, first-serve basis. Space is limited, so it is highly recommended that payment is provided at the time of submission to guarantee a seat within the conference and all related events.

Registration rate is determined by the date payment is received by ISACA HQ and current membership status. Please plan accordingly, as it may take 10 or more business days for a wire transfer or mailed check to reach ISACA. Should we receive payment after a registration rate deadline, your account will be adjusted to reflect the current due amount. Entrance to the conference and all related events is contingent upon full payment.

Discounts for the Conference are available, detailed below. To verify eligibility for any of these discounts, please contact https://support.isaca.org or +1.847.660.5505. Note that discounts cannot be applied retroactively. All discounts are applied to the main conference registration fee, and cannot be applied to workshop registrations.

You must be 18 years of age or older to attend this event.

Discounts

Group Discounts

ISACA offers discounts to organisations sending 4 or more employees to a single conference. Please contact the ISACA Conference department for more details at +1.847.660.5505 or https://support.isaca.org. Group registrations cannot be combined with any other registration discount offerings.

Government Discounts

ISACA offers a US $350 conference registration discount to government employees. Please contact the ISACA Conference department for more details and eligibility verification at +1.847.660.5505 or https://support.isaca.org; cannot be combined with any other registration discount offerings.

Academic and Student Discounts

ISACA offers a US $350 discount to academic institution employees and students. Please note that you must be an ISACA Student member in order to receive the student discount; additional membership and qualification details can be found here. For additional registration details and eligibility verification, please contact ISACA’s Conference Department at +1.847.660.5505 or https://support.isaca.org; cannot be combined with any other registration discount offerings.

Cancellation Policy

All cancellations must be received by the published deadline to receive a refund of registration fees. A cancellation charge of US $295 will be subtracted from conference refunds, and US $250 per workshop for a two-day workshop and US $125 for a one-day workshop from workshop refunds. No refunds can be given after the cancellation deadline above. Attendee substitution is permitted at any time until the conference. If a nonmember is substituting a member, then there will be additional nonmember fees.

NOTE: Registration is contingent upon full payment of the registration fee. To guarantee registration, conference fees must be received by the published deadline. It may take 10 or more business days for a wire transfer or mailed check to reach ISACA, so please plan accordingly. If, for any reason, ISACA must cancel a course or event, liability is limited solely to the registration fees paid. ISACA is not responsible for other expenses incurred, including travel and accommodation fees. For more information regarding administrative policies, please contact the ISACA conference department.
Phone: +1.847.660.5505
Fax: +1.847.253.1443
E-mail: https://support.isaca.org

Payment Methods

Pay online at https://conferences.isaca.org/cart
Mail your payment to:
ISACA
1055 Paysphere Circle
Chicago, IL 60674 USA
Bank Wires—send electronic payments in US dollars to:
Bank of America
135 S. LaSalle St.
Chicago, IL 60603
ABA #0260-0959-3
ISACA Account #22-71578
S.W.I.F.T. code BOFAUS3N
* Please include attendees name on the Advice of Transfer.

Disclaimer

ISACA reserves the right to alter or delete items from the programme in the event of unforeseen circumstances. Material has been prepared for the professional development of ISACA members and others in the IT audit, control, security and governance community. Neither the presenters nor ISACA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices. All materials used in the preparation and delivery of presentations on behalf of ISACA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISACA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers.

Please note: unauthorized recording of presentations and workshops in any form is prohibited.

Please note that any attendee requested paperwork or documentation that ISACA needs to provide information or fill out, can take up to 10 business days.

Not a member of ISACA? Join today!

When you register for the conference as a nonmember, the difference between member and nonmember conference fees can be applied towards ISACA membership. This means you can become a member at the international and chapter level for little to no additional cost; it just depends on your local chapter dues. To take advantage of this great offer, check the box on the registration form. For more information about ISACA membership, visit the web site at www.isaca.org/membership or contact the membership department at membership@isaca.org.

NOTE:This offer expires 30 days after completion of the event. Nonmembers pay the nonmember conference fee when registering.

Consent for Photos, Audio and Video Recordings Taken at Events or for Marketing Purposes

I agree irrevocably and free of charge that ISACA or any third party who is acting on ISACA’s behalf may create images, videos and/or sound recordings of me (“works”) at the event for marketing purposes. For these purposes, the granting of rights in the works also includes the rights to adapt, reproduce, distribute, perform, making available to the public, broadcast, retransmit or sublicense the works to ISACA’s affiliates. The granting of rights in the works also includes all current and future media, goes beyond the repetition of an event and is not restricted to time or territory. View ISACA’s Privacy Notice >>

Dress

Business casual is appropriate for this and all ISACA conference events.

Justify Your Attendance

Click here for a deeper dive into how EuroCACS/CSX 2019 benefits your enterprise

Watch highlights from the 2018 EuroCACS conference and mark your calendar for 2020!

Review highlights from the 2018 CACS and CSX conferences to learn more about the sessions, speakers and networking you can expect at EuroCACS/CSX 2019.

Speaker Presentations by Session Number

Masudur Rahman

111—Auditing Application Platform as a Service (aPaaS) in Private Cloud Environment
Wednesday, October 16, 2019

Cloud computing is one of the most popular and widely used concepts in today’s technology-driven businesses. Increased number of smart devices is allowing us to work and enjoy time on our smartphones, which is offering greater services by exploring many of the features that come with cloud computing environment.

Greg Witte

112—Using NIST Frameworks with COBIT 2019
Wednesday, October 16, 2019

Learn about new processes for combining the benefits of NIST’s risk-based information security frameworks and ISACA’s updated COBIT 2019.

R.V. Raghu, CISA, CRISC

113—Ethics and AI: No Oxymoron Intended
Wednesday, October 16, 2019

AI and business are intertwined as never before. From the business perspective, AI provides many advantages and enterprises are betting big on AI. However AI brings its own ethical, moral and philosophical challenges which though may seem unimportant in a business context, many fails across the globe are bringing the spotlight on AI in business. The session will enable participants to understand the implications and challenges...

Christian F. Nissen, CISM, CGEIT

114—The Cathedral and The Bazaar - Does Governance Still Play a Role in an Agile World?
Wednesday, October 16, 2019

Most organisations leverage both plan driven and agile delivery models in their provision of digital services. But how does this diversity affect the way we govern the provision of digital services? And how do governance itself become more agile?

Jan Anisimowicz, CISM, CRISC

115—How to Ensure Vendor Compliance and the Mitigation of 3rd Party Risks
Wednesday, October 16, 2019

Vendor Management comprises all of the processes required to manage third-party vendors that deliver services to organizations. Significant effort is required from both the institution and the vendor to maximize the benefits received from the service or/and product while simultaneously mitigating associated risks. Having in mind that the scale, scope of services and the complexity of these services increase, the related risks...

Rosemary M. Amato, CISA

116—Data Classification and Data Road Maps: Where Are You with Data Requirements?
Wednesday, October 16, 2019

Data privacy, data governance, and data management are all areas that came into the forefront of priorities for companies when the European Union General Data Protection Regulations (GDPR) became effective. Yet companies still fail to prioritize data classification and have a data road map. This presentation provides background on data governance, management, and privacy and an update on what has happened since...

Kodjo Mawugbé Akpondeou, CISA

121—The Next Generation Auditors
Wednesday, October 16, 2019

Audit is evolving and is going digital. New technologies are introducing new ways to auditing. Is the Auditor of tomorrow the one that is Data and security smart? What are the challenges of auditors of tomorrow?

Charles Allen

122—Bolster Your Incident Response Plan Across Privacy & Security Teams
Wednesday, October 16, 2019

In the event of a breach, privacy and security professionals often approach incident response from two different outlooks. Whereas security teams are focused on threat vectors, privacy teams are concerned with personal data leaks and adhering to various global privacy laws. While the two come from different perspectives, it is possible to build an incident and breach response plan that addresses the needs of both teams.

Leighton Johnson, CISA, CISM, CRISC, COBIT 5

123—Auditing Blockchain
Wednesday, October 16, 2019

Bitcoin exploded on the monetary scene in 2008, and then rose dramatically in 2015-2017 to soaring heights. Today, it is relatively steady in its current values as investors, technologists and the general public began to understand its core technology, the Blockchain, and the potential uses.

Graham McKay, CISM, CRISC

124—GDPR – A DPO Perspective from the Front Line
Wednesday, October 16, 2019

GDPR is firmly embedded in most organisations and the regulatory action is now beginning to show its teeth. Data subjects have woken up to their new and enhanced rights. So how do organisations continually improve and adjust to this new landscape with stringent timescales for responding to individual requests, personal data breaches, complaints and regulatory enquiries. Graham McKay DPO at Deloitte will share the journey...

Jorke Kamstra, CISA

125—Risk Based Cyber Program Management
Wednesday, October 16, 2019

Last year our board asked a question: "We've been spending millions on this cyber program; how can we be assured we are getting value for money?". I think all of us have heard this question. What we did previously was to build a proprietary model which captured all threats to ensure we had the right maturity and capability for the cyber domains. But we couldn't say what we needed to do first, or what the result would be in...

Allan Boardman, CISA, CISM, CGEIT, CRISC

127—Strategies for Dealing with an Increasingly Sophisticated Cyber Threat Landscape
Wednesday, October 16, 2019

Cyber criminals are continuing to reshape the threat landscape as they update their tactics and tools and escalate their attacks against businesses, governments, and even the infrastructure of the internet itself. Organizations must adopt approaches to cybersecurity that will require full engagement from senior executives to protect critical business information and systems without constraining innovation and growth.

Matthias Kraft, CISA, CISM, CGEIT, CRISC

131—The Art of DevOps and Agile in Regulated Environments
Wednesday, October 16, 2019

There is only one direction of travel in technology, which is change! DevOps and Agile are vehicles for accelerated change that are becoming increasingly prevalent in today’s organisations. As with every new technology or methodology, frictions with existing working practices can arise, particularly in regulated environments such as financial services, healthcare, power and utilities. This session will introduce the audience to the...

Claudio Cilli, CISA, CISM, CGEIT, CRISC

133—The Dark Side of Cryptocurrencies
Wednesday, October 16, 2019

Illicit activities performed on both the clear and dark web, such as money laundering, drug or weapons marketplaces and child pornography are the major risk when approaching cryptocurrency for our business.

Grzegorz Szalajko

135—The Modern Way to Establish and Assess Risk Management in Projects and Programs
Wednesday, October 16, 2019

Establishing effective risk management practices in projects and programs sounds simple but it's not easy. This presentation is a summary of proven practices to make it work. It will also show how to audit risk management in a way that adds value.

Aneta Podsiadla

136—Transition From A Data Protection Project To A Data Protection Program
Wednesday, October 16, 2019

For many organisations, the GDPR was viewed as a one-time project, with an end date of May 25, 2018. In fact, the end of the GDPR project is just the beginning of the change each organization has to embrace and ensure that data protection will be continuously complied with and demonstrated in the day to day business.

Todd Fitzgerald

137—Career Decision Time: Techie? Or Security Leader?
Wednesday, October 16, 2019

You have been a techie and developed great security skills. Now you want to move into management, should you? Will you be happy there? How will your life change? Is this a good move?

Herbert McMorris, CGEIT, CRISC, CISM, CISA

141—How to Audit Incident Response Plans
Wednesday, October 16, 2019

Security incidents can have catastrophic consequences. Your organization’s IRP looks good on paper. It’s been mapped, planned, & documented, but has it been tested? Will it actually work? In this session, participants will learn 6 steps to IRPs.

Sergiu Zaharia

142—Segment Everything, Secure the Un-Securable
Wednesday, October 16, 2019

Protecting complex infrastructures and sensitive, distributed information comes up with various and always updating challenges. First of all, segmentation seems to be an easy to understand but difficult to apply topic. The multi-dimensional split of the infrastructure, processes, people and data planes is not always disjoint and requires some level of fuzzy thinking. Second, once dimensions are defined, security controls...

Leighton Johnson, CISA, CISM, CRISC, COBIT 5

143 - IoT + DDoS = Disruptive (Business + Cyber) Risk!
Wednesday, October 16, 2019

Security issues associated with IoT devices and requirements for securing such devices must be stated clearly. Processes then need to be implemented within the organization to ensure that IoT devices are not the weak links.

Brian Marshall

144—Turn Corp Compliance Policies into Testable Requirement for the Mainframe
Wednesday, October 16, 2019

A discussion about the pitfalls and failures that occur with corporate compliance and how to avoid them.

Neetu Choudhary, CGEIT

145—Innovative Risk Identification Approach
Wednesday, October 16, 2019

Based on my 17 years of experience in risk management I have innovated a new approach for the risk identification, which is very simple 5 steps approach, holistic and applicable for all industry and domains. Complete cycle of the risk management.

Vinayak Sastri, CISA, CISM

146—IoT and Data Privacy - A Disruptive Strategic Maturity Framework for Companies
Wednesday, October 16, 2019

The Internet of things (IOT) is the most exciting of prospects amidst the clamour of technologies which are impacting businesses today. IOT has the potential to revolutionise the way businesses work, and clients perceive and use their products and services in an unprecedented manner. A number of businesses are going up the IOT adoption curve and it is an exciting journey into the unknown. It is definitely a new frontier for...

Frank Downs

147—State of Cybersecurity 2019: Workforce Development Trends and the Threat Landscape
Wednesday, October 16, 2019

Hear insights from ISACA’s annual State of Cybersecurity survey covering workforce development trends and attacks, security awareness and governance. The session will present findings surrounding workforce need, skill, diversity...

Mike Dodson

151—Are Trust Stores Part of Your PKI Audit?
Wednesday, October 16, 2019

With PKI, either a certificate chains to a trusted root or it doesn’t. But it’s not that simple. Hear why PKI audits must consider trust stores—their role, their use cases, risks and compliance implications—and how to apply audit best practices.

Linas Laucius, CISA, CISM, CRISC

152—Ransomware - Are You Ready to Face It and Withstand
Wednesday, October 16, 2019

Well known and worldwide published ransomware infections during last years like WannaCry, NotPetya, Bad Rabbit and more, showed us that it is not enough just to have antivirus installed and regularly updated on your computers.

Claudio Cilli, CISA, CISM, CGEIT, CRISC

153—Coping with Emerging Technology: A Security Perspective
Wednesday, October 16, 2019

Hear insights from senior security leaders on the impact emerging technologies have on the business of information security. Specific technologies—such as IoT, AI, and quantum computing—will be discussed along with...

Zechariah Akinpelu, CISM, CRISC

154—Transforming into a Lean Enterprise IT Security
Wednesday, October 16, 2019

Lean is the application of principles whose objective is to eliminate waste while improving process flow to achieve speed and agility at lower cost. There are five principles which are value, the value stream, flow, pull and perfection. All these principles are aimed at improving process by eliminating all forms waste. This...

Manoj Patel

155— Integrated Risk Management (IRM) – Everything You Wanted to Know About!
Wednesday, October 16, 2019

Future of GRC: Integrated Risk Management (IRM) - Everything you wanted to know about! In a world where enterprises struggle with the burden of risk and compliance – there is a better way – I believe it’s Integrated Risk Management.

John Wallhoff, CISA, CISM

156—Creating Algorithms for AI-Analytics
Wednesday, October 16, 2019

The algorithm is the secret key for AI-Analytics, that enable you to explore data to understand behavior, control weaknesses and opportunities within an organization. The value of an algorithm is a reduction of reports you have to review when you instead are equipped with a digital sense and feel that will assist you with the decision where you should focus on details. Equally important is the interface between Analytics/AI and...

David Foote

157—Analyst View: Security/Risk/Audit/Governance Jobs, Skills, Pay Review and Forecast
Wednesday, October 16, 2019

Tech labor research firm Foote Partners' deep-dive analysis of the current/future state of Security/Risk/Audit jobs informed by proprietary data from 2,045 European employers. Advice on what’s working in managing through labor shortfalls, skill gaps.

Jose Ramon Coz Fernandez, CGEIT, CRISC, CISM, CISA

211—The Big Challenges to Perform a Cyber Audit. The Case of Galileo Program (3,500 MEuros)
Thursday, October 17, 2019

The direct dependence on Global Navigation Satellite Systems (GNSS) is around 10% of global economic activity, which can be estimated to be 10 Trillion Euro based on the 2018 Gross World Product. The current availability of around 3 Billion Galileo-enabled chips in smart phones, tablets, computers, and navigation devices and the growth thereof in the coming generations of devices. It will have a big impact on the IT sector.

Guy Herbert, CISA

213—Agile, DevOps and Compliance
Thursday, October 17, 2019

The session will lead participants through the agile development process and how this works with DevOps. They will be shown the interactions with compliance during that process and how they can use technology and process to improve their organisations development speed as well as hitting their compliance objectives.

Andrew Neal, CISM, CRISC

214—1000 Cases of Data: Lessons and Practices Derived from Audit, Investigation and Litigation
Thursday, October 17, 2019

In most organizations, employees, managers and executives have a mental picture of how and where data is collected, stored, protected and used. These conceptual models are very important in helping organizations and their employees understand their business processes, comply with security policy, and evaluate data-centric risk. However, across functional areas (horizontally) and through the levels of management...

Manoj Patel

215—Continuous Risk Monitoring: Adapting to the New Normal of Proving Compliance of Security Controls
Thursday, October 17, 2019

Many organizations struggle to manage the unrelenting onslaught of disruptive cyber-attacks, increasing B2B accountability, security audits (for HIPAA, PCI, ISO 27002, etc.), mounting regulatory oversight, cybersecurity risk management (NIST) and the relentless tidal wave of event noise. This has resulted in CISO’s spending countless nights grasping for an efficient response to the intensifying challenge. The need for a proven...

Dirk Steuperaert

216—Using Data to Tailor Your Governance System
Thursday, October 17, 2019

Have you wanted to improve your enterprise governance but stumbled on how to begin a holistic governance program? Have you wondered how to incorporate your enterprise’s strategy, unique culture, industry considerations, risk appetite, compliance requirements, etc. into a prioritized governance program? The answer is here!

R.V. Raghu, CISA, CRISC

217—Advancing Your Career by Learning to Learn
Thursday, October 17, 2019

Professionals today are required to learn constantly as the only way to success. Learning is a challenge due to various environmental factors and due to the use of inappropriate methods to learn. Using learning models help identify one's learning style and leverage strengths of the models to learn quickly...

Herbert McMorris, CGEIT, CRISC, CISM, CISA

221—Auditor’s Guide to a Thorough, Quality Penetration Test
Thursday, October 17, 2019

Penetration testing allows for a comprehensive assessment of the overall security of the target environment through testing activities that are not typically performed during a vulnerability assessment.

Andrea Pompili, CISM

223—Why I’ve to Waste My Time on Cryptography?
Thursday, October 17, 2019

Cryptography is a magic ring of darkness and mistiness but seems that every time a new attack comes in town, technicians need to evaluate, configure or change something, surviving in the sea of the unawareness or following signals coming from misterious compliance regulations. We'll try to give a little survival guide for this world, which can...

Jason Miller

224—Third Parties – Just Vendors, or Part of the Family?
Thursday, October 17, 2019

As the number of third party relationships continues to grow for most businesses, implementing consistent governance practices is a crucial step in ensuring all parties are appropriately managed, this includes: organizational buy-in and implementation of policies, business wide acceptance of on-boarding procedures...

Sakthivel Rajendran, CISA, CISM, CRISC

225—3 Ideas for Cyber Security Risk Management
Thursday, October 17, 2019

Cyber risks are increasing due to digitization. World Economic Forum lists Cyber Security one among the top 5 global risks for 2019. This session aims to share to 3 ideas in managing cyber security risks in organizational context. Need to secure information assets from cyber risks are growing due to increased digitization. This session proposal aims to introduce 3 ideas to strengthen the organizational defense...

Vinayak Sastri, CISA, CISM

226—Data Privacy - Will it Disrupt the Network Effect?
Thursday, October 17, 2019

The network effect is a phenomenon which has given rise to a number of new age companies like Google, Amazon, Flipkart, whatsapp, Alibaba, Wechat, Uber among others. It is the same phenomenon which also leads to the rise of rumors, fake news, social media disruption, election rigging among others. The network effect which...

Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor

231—The Role of IT Audit in Driving Business Innovation
Thursday, October 17, 2019

As organisations continue to invest heavily in the development of IT systems to drive better efficiencies, consumer service and competitiveness, it is essential that there is a clearly communicated and coordinated approach between business operations and the DevOps teams to effectively achieve this aim.

Claudio Cilli, CISA, CISM, CGEIT, CRISC

232—How to Define and Build Threat Intelligence Capability
Thursday, October 17, 2019

What is "threat intelligence"? A term overused and ill-defined! What is required to create a true threat intelligence capability, and how does this relate to the nirvana of cyber situational awareness? During this presentation...

Tony Gee

233—Access All Areas: Threats to Corporations from Consumer IoT
Thursday, October 17, 2019

The IoT could soon be the weakest link in network security. From printers to coffee machines, user’s own devices, and even sanctioned large scale installations such as smart lighting and building management systems, the IoT provides multiple potential entry points for the attacker...

Horst Moll, CISA, CISM, CRISC

234—Building a Data Protection Management System on Top of an ISMS
Thursday, October 17, 2019

GDPR Article 5 Paragraph 2 "The controller shall be responsible for, and be able to demonstrate compliance, with paragraph 1 ("accountability"). The question is: "How can the controller demonstrate the compliance?" During the last month companies put a lot of effort and money to be GDPR ready by May 2018. But what comes next? To be...

Rami Sukkar, CISA, CRISC

235—Risk Management - An Integrated Approach
Thursday, October 17, 2019

This session is intended for professionals who want to learn how to implement risk management as an integrated function across an organization. It highlights the evolution of the ISO 31000: 2018 standard, and compares it with other standards.

Nigel King, CISA, CISM, CGEIT, CRISC

236—3 Pillars of Modern Transaction Monitoring
Thursday, October 17, 2019

This presentation discusses components of what should be in every modern transaction monitoring system. While Transaction Monitoring has meaning to any technical audience, it has become a term of art in the Governance Risk and Compliance (GRC) community...

Neetu Choudhary, CGEIT

237—A Structured Approach for the Effective Presentation
Thursday, October 17, 2019

Innovative approach to use Deming cycle PDCA- Plan-Do-Check-Act for effective presentation to management with real life examples and experience. Details of each step with easy to remember abbreviations. Easy way to present complex data/information.

Dr. Vilius Benetis, CISA, CRISC

241—Auditing with SOC-CMM: Cyber Security Detection and Incident Response
Thursday, October 17, 2019

Security Operations Center Capability Maturity Model (SOC-CMM) is freely available methodology for assessing organisations' cyber security operations - from governance, people, skills, processes and technology perspective. Speaker would share own experience using this tool in many diverse projects around the world...

Robert Findlay

242—Auditing Social Media and its Cyber Threats
Thursday, October 17, 2019

Many organisations are now disseminating information and trading through multiple social media channels without any consideration of the threats they face. These threats are both internal and external and in many cases completely out of their control.

Vadim Gordas, CISA, CRSIC

243—Managing Cybersecurity Culture as a Risk
Thursday, October 17, 2019

With over 90% of information security incidents caused by human errors or behavior, the effectiveness of cybersecurity culture program becomes paramount for a successful cybersecurity program. Improving cybersecurity culture is always challenging...

Daniel Gnana, CISA

244—GDPR Aftermatch, an Audit Program Proposal
Thursday, October 17, 2019

Since, 25th May 2018, all enterprises that conduct business and hold personal data are under the mandates of the General Data Protection Regulation (GDPR). The implications of this new data protection requirement are still being discussed and interpreted at enterprises in the EU and around the world.

Marco Salvato, CISA, CISM, CGEIT, CRISC

245—The Journey of Generali Group in Managing Digital Risk
Thursday, October 17, 2019

In order to pursue a digital transformation, requested and desired by the business objectives, the Generali Group has faced a process to regulate and standardize digital risk management. During the session, the project to harmonize digital risk management will be illustrated...

Surinder Singh Rait, CISA, CISM

246—Data Analytics a Better Tool for Implementing Cyber Security
Thursday, October 17, 2019

This session is about my experience in using the Data Analytics for real time monitoring of various data elements and govern the effectiveness of ISMS and Cyber Security within the organization and how effectively this tool can be used for board and executive management presentation.

Guy Herbert, CISA

247—Risk Management and Audit in a High Change Environment
Thursday, October 17, 2019

The world is changing at a faster rate and we need to keep up. We are told that we need to get involved earlier but how does this work when there is so much change happening everywhere?

Tuan Phan, CISSP

311—Auditing Smart Contracts
Friday, October 18, 2019

Smart contracts are tamper-proof computer codes on the blockchain that enable automated execution of agreements, rights, and obligations in digital form between two of more parties. Smart contracts provide standardization, speed, security, and certainty to transaction settlement.

Ira Winkler

312—Stopping Cyber Boom
Friday, October 18, 2019

Whenever a user creates a loss, the security profession takes the position that it was an unaware user and the solution is more awareness training.

Kaya Kazmirci, CISA, CISM, CRISC, CGEIT

313—Emerging Mobile Payment Technology Cybersecurity, Disruption and Risk Development
Friday, October 18, 2019

Two fundamental changes in traditional payment methods are changing the landscape of spending: Emerging blockchain based currencies and alternative payment channels are disrupting time honored cash and credit card based transaction service providers. Enabling cheap transactions where traditional banking services are expensive is critical for supporting business growth (especially in the developing world where banking...

Dina Numan

314—Case Study - Bridging Program for the Banking Sector from COBIT 5 to COBIT 2019 MENA & GCC Region
Friday, October 18, 2019

In 2016 the central bank of Jordan mandated the financial sector to implement COBIT 5 (covering the 17 enterprise goals,17 IT goals,37 processes) and achieve capability level 5 for all of them in three years’ timeframe.

Ian Musgrave, CISA

315—Cyber Security - 10 Things Your Senior Management Must Know
Friday, October 18, 2019

One of our most important aims, as IT auditors and risk professionals, is to clarify a subject which is sometimes quite technical, to make our voice heard and ensure we are a presence at the top table. Too often we lack ‘the art of storytelling’. We assume that other share our level of knowledge and appreciation of risks.

Leighton Johnson, CISA, CISM, CRISC, COBIT 5

316—Auditing Big Data Systems
Friday, October 18, 2019

Big Data is the term used to describe our ability to make sense of the ever-increasing volumes of data in the world. Whether you call it big data, analytics, business intelligence or data analysis doesn’t really matter that much.

Paul Phillips, CISA, CISM, MBA

317—Auditors Adding Value, Technology Evolving, Part 1 PRESENTATION
Friday, October 18, 2019

Implementing and utilizing cutting edge technology can be a game changer for an organization, but it does not come without risks. While technology can help organization automate time consuming manual tasks and increase accuracy of error prone processing it can...

Susanne Moeller-Hansen, CISA, CISM

321—How to Avoid Drowning in the Sea of Data and Retrieve Meaningful Intelligence
Friday, October 18, 2019

In this session we will go through the monitoring technologies used by a large number of companies, such as FIM, IDS/IPS, SIEM, DLP, DRM. We will discuss the pros and cons of each solution, and we will look into how they fit into the overall protection environment of different organisation types...

Ira Winkler

322—Creating a Human Security Officer
Friday, October 18, 2019

According to an ISACA survey, while security practitioners believe there is a business imperative for having a strong security culture, only 5% of organizations have a strong security culture. Yet organizations continue to rely on awareness programs and methods proven to be ineffective.

Pablo Ballarin, CISA, CISM

323—Designing, Governing and Auditing Trustworthy AI-Driven Systems
Friday, October 18, 2019

While artificial intelligence brings companies and nations great potentials, it also brings major new challenges that affect not only corporate and national security but also the foundations to the security of humanity. New questions need to be raised: How is artificial intelligence re-defining power?

Andrew Neal, CISM, CRISC

324—Transformational Governance: Leveraging Governance as a Tool to Enable Growth and Accelerate Change
Friday, October 18, 2019

Many organizations are heavily invested in the idea of digital transformation, seeking engagement with new technologies to rapidly evolve service delivery, customer experience, and client or employee engagement.

Joseph Mayo, CRISC

325—NextGen Risk Management
Friday, October 18, 2019

Narasimhan Elangovan, CISA

326—Data Governance in the Analytics and Privacy Driven Era
Friday, October 18, 2019

Industry 4.0 has seen a rapid rise in data-driven business models. From multi-national companies to new-age start-ups, analytics are deployed on the data collected to offer innovative solutions. We often see newer business models and solutions evolving over time by harnessing the power of analytics and big-data.

Milt Rosberg

SS 1—Passed Your Audit? Are You Secure?
Wednesday, October 16, 2019

An informative presentation on the state of corporate audit and compliance and how to establish consistent Best Practices.

Tony Gee

The Weaponisation of the IoT
Thursday, October 17, 2019

In the future, the IoT will provide the ultimate attack surface, connecting numerous disparate objects, vehicles and networks. It’s a hacker’s playground and one in which they will be one step ahead, with unprecedented access to smart devices which they can hack at their leisure, reverse engineering key components and software.

Welcome to Geneva

Geneva

Birthplace of the World Wide Web, Geneva is a hub for technology. Take a break from the conference to enjoy the world-renowned architecture around Geneva or take in the natural beauty of the Alps and Mont Blanc.

Geneva's breathtaking views provide the perfect background for a variety of unforgettable experiences. Serving as the ideal starting point to the Alps, this cosmopolitan town also offers a vibrant cultural life and fine dining.

Renowned as the cradle of luxury watchmaking, Geneva's exclusive boutiques offer a unique shopping experience. The city's humanitarian role has also earned it the title of "Peace Capital" and this is the place where business leaders come to meet. Geneva is a place with multiple charms that never disappoint. Let yourself be swept away.

Click here to view a listing of venues and restaurants to visit while in Geneva. Courtesy of Switzerland Chapter member Paul Wang.

Palexpo Convention Centre

All conference events take place at the Palexpo Convention Centre, unless explicitly noted in the event schedule. ISACA highly recommends that attendees stay at the Starling Geneva Hotel, located across the street from the Convention Centre – see full hotel details below.

Explore Now

All conference events take place at the Palexpo Convention Centre, unless explicitly noted in the event schedule, but make sure you enjoy everything Geneva has to offer. Explore the conference destination interactive, digital map to plan your downtime in and around the event city, Geneva, Switzerland.

Enjoy a unique new way to view the city. Use this interactive guide to get to know what's around the conference. Explore, experience, and enjoy what Geneva has to offer.

Click here to view an interactive,
digital map of Geneva.

HOTELS

Starling Geneva Hotel

Route François-Peyrot 34
1218 Le Grand-Saconnex
Geneva,
Phone: +41 22 747 02 02

Click Here to Make Your Reservation

Welcome to the heart of the biggest hotel in Switzerland, the unique urban resort in Geneva. On site, the Starling Hotel Geneva invites you to take advantage of the many different facilities dedicated to business, sport and leisure. An experience to enjoy and savour, awaken all your senses on a gourmet getaway in 1 of our 4 restaurants and bar. Close to the city-center, it benefits from easy access to Geneva Airport as well as to Palexpo.

ROOM RATES
Business room for single or double occupancy per room, per night: CHF 240 (service and tax included)
City tax per person/per night: CHF 4 (Rate subject to change depending on law regulations for 2019)
Breakfast included in room rate

HOTEL CUT-OFF DATES
On Monday 8th July 2019, 30% of the rooms booked without names will be released.
On Wednesday 21st August 2019, 60% of the rooms booked without names will be released.
On Monday 9th September 2019, 100% of the rooms booked without names will be released.

Source:https://www.google.com/maps/embed/v1/place?key=AIzaSyBCVx-tEuRnYtbf-giBvHGUjRFcy1dUgKY&q=Starling+Hotel+Geneva

Getting There

With Worldwide by easyJet you can now book flights from far away destinations like New York and Singapore!

easyJet can connect you around the world and across Europe in one handy place with a quick and easy transfer through one of our connection hubs across Europe.

https://www.easyjet.com

Getting Around

By staying in a hotel, youth hostel or at a campsite, you are entitled to receive a personal and non transferable Geneva Transport Card for free, which will allow you to use the whole public transportation system of Geneva for the length of your stay for free. This includes buses, trams, trains and yellow taxi-boats - "Mouettes". Just ask for your card on arrival at reception.

http://www.geneva.info/transport/card/

Thank You to Our 2019 Sponsors!

Supporting Sponsors

Innovation Sessions – Located in the Innovation Exchange

IN1: Unknown and Known Digital Unknowns in 2019, Sponsored by ImmuniWeb
Wednesday, 16 October | 10:50 - 11:10

IN5: GOLDENHORN ORM and IRM Modules Runs on ORCOM (Operational Risk Consilient Operating Model), Sponsored by TACAS
Thursday, 17 October | 10:35 - 10:55

IN7: Third-Party Risks Aren't Static: Monitoring Tips and Tactics, Sponsored by OneTrust, LLC
Thursday, 17 October | 12:40 - 13:00

2019 Speakers

Alberto Grigoletto

Chief Risk Officer, Generali IT

Alberto is currently the Head of Generali Group Operational Risk and Chief Risk Officer of Generali IT and Procurement Shared Services company. His current responsibilities include the development and implementation of the Group Capital Internal Model for Operational Risk and the management of the Group Operational and IT Risks framework. He has +20 years of experience in financial industry, also working in business process re-engineering as Head of Organization departments and leading the Project Management Office of Solvency 2 Project. Alberto holds a degree in Statistics from Padua University, Italy.

Uday Ali Pabrai

CEO, ecfirst

Ali Pabrai is a renowned, globally recognized, cybersecurity expert and member of Infragard (FBI). He is a top-rated dynamic speaker. Mr. Pabrai is the chief executive of ecfirst, a compliance and cybersecurity company. ecfirst is an Authorized HITRUST CSF Assessor. Ali served on the HITRUST Assessor Council. Mr. Pabrai is the author of several published works. He is a member of the FBI InfraGard and has served numerous U.S. government agencies in several engagements.

Allan Boardman, CISA, CISM, CGEIT, CRISC

Director, CyberAdvisor.London

Allan is an experienced business advisor helping organizations manage their information and technology risks. He trained at Deloitte Cape Town where he qualified as a Chartered Accountant before moving to London in 1986. He has held leadership roles in audit, risk, security and governance at various global organizations including GSK, Morgan Stanley, JPMorgan, Goldman Sachs, PwC and KPMG. He is a Past President of ISACA London Chapter and has served on ISACA International’s Board of Directors, Strategic Advisory Council, Leadership Development Committee and chaired its Credentialing and Career Management Board, CISM Certification Committee and Audit and Risk Committee.

Anand Prakash Jangid, CISA

Managing Partner, AJA

A passionate evangelist for tech-based disruption in Audit & Finance domain, Anand is professionally a Chartered Accountant & Certified Information System Auditor. He is Managing partner at AJA, An Organization with focus in the area of Forensic audit, IS audit, Fraud Analytics and Blockchain for Internal Audit function. Anand was part of the risk management team at Goldman Sachs, covering multiple audits across much geography for different function in the organization. His areas of specialization were Forex audit, DP audits, Anti money laundering, Basel II, BCP and operational risk.

Anders Kjaergaard, CISA, CISM, CRISC

Director, Grant Thornton Denmark

More than 15 years of experience in IT Security and auditing. Director of IT Audit & Advisory for Grant Thornton, Denmark. Most recent work has been as internal auditor in the financial sector - Central Bank of Denmark and Danske Bank.

Andrea Pompili, CISM

Cy4gate

Andrea Pompili is an information technology specialist that takes care of security. Andrea was well known in his youth to be one of the most famous Italian programmer of old computer games. Once graduated, he started working on enterprise software development, and then on computer security, following security threats and security solutions on strategic projects firstly for Wind Telecommunication and then for Telecom Italia. Currently Andrea is a strategy advisor in security and aims to discover and integrate innovative solutions for this connected world.

Andrew Neal, CISM, CRISC

President, Information Security and Compliance, TransPerfect

Andrew Neal is an executive and practitioner in the information security community. Advising on data privacy, security and litigation projects for internal and external clients around the globe, he serves as a trusted subject matter expert for business leaders and legal professionals. Andrew leverages 30 years of business, technical and risk management experience to build programs, lead teams and execute projects internally at TransPerfect and across a wide range of client organizations. An effective communicator and engaging speaker, Andrew presents at international conferences and seminars, and teaches at major universities. He is active in several professional organizations, focusing his efforts on the development of professional standards and the mentorship of other professionals. Living in Dallas, Texas, Andrew currently leads the Information Security and Compliance Services division at TransPerfect, a global business services company.

Asim Fareeduddin

VP, Regulatory Controls & IT Security Assurance, RELX Group

Asim Fareeduddin is Vice President, IT Security & Regulatory Controls Assurance for RELX. Asim has 19 years of experience in privacy, information security, compliance and audit. Asim’s experience includes building and executing audit programs, managing regulatory and injunctive relief compliance, HIPAA/HITECH, EU Data Privacy laws, SOC report, SOX audits, application and network security reviews, privacy and regulatory compliance with data privacy laws, and online privacy protection. Asim also has extensive experience in co-sourcing with external auditors as a value-added partner. Prior to RELX, Asim worked in “Big Four” IT audit/security. Asim earned his B.S. and master’s Degrees in Accounting with a Concentration in Information Systems from the University of Florida. He also holds the following professional certifications: Certified Information Privacy Professional, Certified Public Accountant, Certified Information Systems Auditor and Certified Information Security Manager. Additionally, Asim serves as a Part-Time Instructor at Georgia State University's Robinson College of Business where he teaches master’s level students on Internal Audit and Information Technology Audit.

Christian F. Nissen, CISM, CGEIT

Senior Consultant, CFN Consult ApS

Christian Feldbech Nissen has 30 years of experience in the IT domain, especially with IT service management, IT governance, IT operations and Information Security. He is recognised as an international thought leader, author and lecturer, but also as an experienced and down-to-earth practitioner striving to make things happen in real life. He has a long proven track record from around 150 of the largest private and public organisations in Denmark. Last, but not least, he holds more than 50 different certifications in IT Management, and has achieved the ITIL Master level, demonstrating that he has contributed with measurable results within all IT service management disciplines.

Claudio Cilli, CISA, CISM, CGEIT, CRISC

University of Rome

Prof. Claudio Cilli is a recognised world leading authority in the areas of National Security and Intelligence, company protection, information systems security and compliance, with over 25 years of experience. He currently advises governments and int’l companies in the cyber-security and critical infrastructures protection areas. University professor and researcher. Lesson arguments include computer science, software compilers, lexical and semantic analysers, information systems analysis and development. Member of the scientific and advisory boards. Teacher in the post-graduate master’s in computer security and IT Governance. Consultant to the U.S. Government and companies who supply the Department of Defense. Consultant at the United Nations. With many big firms, he is responsible of IS Audit and security projects, which include civil and military sectors, software quality and code security, security of the information systems and installations. Designed and implemented systems based on mainframes and distributed architecture, including Disaster Recovery and both data and physical security, information and site protection.

Daniel Gnana, CISA

Sr. Audit Manager, M.

Daniel is a senior consultant in information security governance, risks and compliance. He is also an assessor for ISO/IEC 9001 and 27001 certifications and provides training courses in cyber risks and security.

David Foote

Chief Analyst & CEO, Foote Partners, LLC

David Foote is co-founder and chief analyst at Foote Partners, headquartered in Vero Beach, Florida. A tech labor trends benchmark research pioneer and one of the most quoted industry authorities on global technology workforce evolution, he has spent more than two decades introducing groundbreaking data-driven benchmark research techniques and innovating industry practices for more accurate tech compensation benchmarking and tracking/forecasting of tech skills supply and demand. He built his reputation at Gartner and several Silicon Valley companies prior to co-founding Foote Partners in 1997. There he leads a senior team of analysts, consultants and researchers in publishing continuously updated quantitative and empirical tech labor research supported by close research partnerships with 5,470 employers in the United States, Canada, and Europe.

Dina Numan

Head of Advanced Governance & Management Consultancy Service, ScanWave Comprehensive Technical Solutions

12 years of experience in IT Service Management, Quality Assurance, Quality Control, Process Reengineering, IT Governance. Leading COBIT 5 and COBIT 2019 adoption and implementation projects in Jordan.

Frank Downs

Director and SME, Cybersecurity Practice, ISACA

Downs, an 11-year cybersecurity specialist, graduated with a bachelor’s degree in English from the University of Maryland, after which he promptly joined the US Department of Defense as a subject matter expert, working with computer networks on a daily basis. Realizing that English and cybersecurity were two very different concepts, Frank proceeded to obtain a master’s degree in cybersecurity from UMBC, after a pit stop at Johns Hopkins to obtain a master’s degree in Government. Eventually, he decided to ease the learning process for individuals transitioning from non-technical backgrounds into cybersecurity by becoming a full-time Intelligence and Operations Consultant for multiple federal law enforcement and intelligence agencies. He is now Director, Cyber Information Security Practices at ISACA, sharing the good news about ISACA’s Cybersecurity Nexus (CSX) platform.

Frans Szabo

Sr. Security Specialist, Rabobank

Frans Szabó has almost 30 years of experience in the banking industry. Working in -amongst others- the fields of core IT, Service- and delivery management, Continuity Management and marketing and customer support, Frans has "seen it all". In his previous position Frans protected the bank's customers against fraud through cybercrime. All the bad stuff he learned doing this, is put to use in his current role: Head of Red Teaming. Testing all of the bank's security measures as far as possible.

Graham McKay, CISM, CRISC

Data Protection Officer, Deloitte

Passionately creating, collating and communicating knowledge to enable privacy and build secure, resilient communities, Graham is a driven, impactful privacy and security leader, developing people and deploying strategies with a business enabling focus. Combining privacy, technical, legal and regulatory expertise he provides expert, actionable, strategic guidance allowing organisations to align their behaviour and culture to deliver a privacy and security focus benefiting employees, stakeholders, clients and communities. Passionate about awareness, training and education, he has delivered transformational programs for privacy, data protection and security, focused on the individual. An international conference speaker he is dedicated to delivering awareness, training and education to the widest possible audience to influence positive behavioural change and increase societal security and privacy.

Guy Herbert, CISA

Risk Futurist, Atlassia

Guy has over 25 years working in Risk, IT and Technology across the Finance, Telecommunications, Pharmaceutical and Software industries. He has managed risk, compliance, audit and technical delivery teams during this time. Guy has been thinking of better ways for Atlassian to manage IT Risk and Compliance since Sept 2013. Atlassian is an Australian company started 17 years ago that builds software to help teams work better together – products include Jira, Confluence, Bitbucket, Trello, Statuspage and Opsgenie.

Herbert McMorris, CGEIT, CRISC, CISM, CISA

Lead Practitioner, KirkpatrickPrice

Herbert McMorris is a Lead Practitioner for KirkpatrickPrice. He has over 38 years of industry experience, including network engineering, governance, risk management, and control. Herbert holds several certifications including CISSP, CISA, CISM, CRISC, and CGEIT. Herbert provides services to clients and stakeholders who are seeking to understand compliance and regulatory requirements by helping them navigate the complex world of data security.

Horst Moll, CISA, CISM, CRISC

Security Manager, Vodafone Deutschland GmbH

Horst Moll is Security Program Manager at Vodafone Germany. Before he joined Vodafone, he worked at the Deutsche Telekom, where he led the ISMS Certification for the German local market unit and was the Lead Architect for the Security Risk Management Process for Deutsche Telekom Group. Beforehand he was working as Information Security Consultant in different industries around the globe. He has a master of electrical engineering (RWTH Aachen) and achieved security certifications including CISA, CISM, CRISC, CISSP, MBCI, ISO/IEC 27001 Lead Auditor. Since 2007 he is a certified ISACA trainer.

Ian Musgrave, CISA

Head of IT and Cyber Assurance, Uniac

Ian manages Uniac’s IT and Cyber Assurance service across its client base in the UK Higher Education sector. His team focuses on reviewing all elements of ICT risk including IT Strategy and Governance, Information Security, Data Protection and Cyber Security. Ian is a Certified Information Systems Auditor, CIA and has achieved PCI Professional status.

Ira Winkler

President, Secure Mentem

Ira Winkler, CISSP is President of Secure Mentem and author of Advanced Persistent Security. He is considered one of the world’s most influential security professionals, and has been named a “Modern Day James Bond” by the media. He did this by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the World and investigating crimes against them, and telling them how to cost effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost effective security programs. Ira also won the Hall of Fame award from the Information Systems Security Association, as well as several other prestigious industry awards. Most recently, CSO Magazine named Ira a CSO Compass Award winner as The Awareness Crusader.

Jan Anisimowicz, CISM, CRISC

Director Audit, Risk & Compliance, C&F Sp. Z O.o.

Experienced senior IT manager with over 20 years of experience in GRC (audit, risk and compliance management), Data warehousing, Business Intelligence, Big Data and data analysis. Broad business and technical perspective in telco, banking, pharma and insurance. A staunch supporter of a pragmatic, lean and cost effective approach to regulatory requirements implementation in the organizations. Active in the space of #FinTech, #InsurTech and #RegTech. Public speaker at international conferences (topics related to IT Security, Risk Management, Compliance, GRC and data privacy). Involved in the process of analysis and verification of how artificial intelligence could support auditors in the space of IoT, Big Data and dispersed IT environments. Strong supporter of blockchain technology, which in his opinion should be widely used based on Smart Contracts with respect to data privacy principles (Privacy By Design). Member of the blockchain working group under the supervision of the Polish Ministry of Digital Affairs. Active participant of international organizations: ISACA (CISM & CRISC certificates), PMI (PMP certificate) and IIA (Institute of Internal Auditors).

Jason Miller

IT Security Assurance Manager, RELX Group

20+ years in networking, security, audit/assessment; CISSP, CIPP/US, MSIA; Masters in Information Assurance – Norwich University (Northfield, VT) Relevant Experience: +Worked in “Big Four” with Information Security & Cybersecurity Groups +Information Security Assessments +Managing security programs for Banking, Healthcare, & Business Services

Joseph Vest

Director of Training, SpecterOps

Driven by his curiosity, perseverance, and passion for technology, Joe Vest's mantra for his work and teaching is: "Often the journey of an experience can be as valuable as the end." Joe has than 17 years of experience in red teaming, penetration testing, and application security. Experience ranges from authoring and instructing a SANS red team course, to owning and operating a security consulting company, to acting as technical lead for a DOD red team. He has also worked in numerous commercial sectors, which has given him extensive knowledge of cyber threats, tools, and tactics, including threat emulation and threat detection. Today, Joe is the training director at SpecterOps where he uses his experience in red team operations, cyber threat analysis, cyber threat emulation and replication, application security, vulnerability assessment and mitigation, and incident mitigation to train and educate. Joe has a variety of professional certifications. When he's not teaching or evangelizing about cybersecurity, you'll find Joe out skateboarding or paddle boarding with his son.

John Wallhoff, CISA, CISM

Advisor/Management Consultant, Scillani Information AB

John Wallhoff (CISA, CISM, CISSP), president ISACA Sweden Chapter, is a management consultant and advisor in IT & Security and Fraud & Corruption. With practical experience in analytics for over 20 years, he has gained a sense of what data can do to an organization and can still get fascinated when having data at his fingertips.

Jorke Kamstra, CISA

IT Risk Manager, Euroclear

Jorke Kamstra is a fireman wearing a suit and a tie. My focus at Euroclear is on IT cyber resilience, assessment methodology and policy building. As a risk manager I identify, challenge and advice on existing cyber practices. Previously I was a banking regulator, project manager and a Unix system engineer. I am passionate about communication and public speaking and I am convinced that creating a platform for communicating our problems, risks and threats enables us all to learn from feedback and better prepare for success.

Jose Ramon Coz Fernandez, CGEIT, CRISC, CISM, CISA

Cyber Internal Auditor, European Space Agency

He has over twenty years of experience in the field of ICT covering different positions: auditor, project manager, consultant, architect and analyst. Currently working as GNSS Cyber Internal Auditor at the European Space Agency, and he is a researcher in the Department of Applied Economics at the Complutense University of Madrid. He is professor at several institutions, universities and business schools. He collaborates as a reviewer for several international journals and he is member of several committees and IT associations.

Joseph Mayo, CRISC

Program Manager, J. W. Mayo Consulting LLC

Joseph W. Mayo is an award-winning project manager and Internationally recognized risk management expert. Mr. Mayo is an Information Technology professional with over 28 years of experience. He holds a bachelor’s degree in Information Technology and a master’s degree in Information Systems. Mr. Mayo is a PMI certified Project Management Professional (PMP), Risk Management Professional (RMP), holds Certified in Risk and Information Systems Control (CRISC) credential from the Information Systems Audit and Control Association (ISACA), and is certified by the Risk Management Society (RIMS) as a Certified Risk Management Professional (RIMS-CRMP). Mr. Mayo is the first risk practitioner to be credentialed by the three internationally recognized, risk management credentialing bodies; PMI, ISACA, and RIMS. He is an active industry volunteer who regularly participates in industry working groups and strives to enhance global risk management and project management practices. He is an author, speaker and conference presenter on topics that include risk management, project management, and quality assurance.

Kaya Kazmirci, CISA, CISM, CRISC, CGEIT

Managing Director, Kazmirci Associates

Kaya Kazmirci specializes in Fintech Governance & Cybersecurity Services and offers related trainings including: CISA, COBIT, CISM, CRISC, CGEIT, CISSP, and ITIL. He is presently teaching at Bosphorous University and was previously the Internal Audit Director in Istanbul Turkey for Avea (Mobile Telco operator). Kaya has a bachelor’s degree in Engineering Sciences Modified with Computer Science and Electronics from Dartmouth College and is a CISA, CISM and CISSP. Kaya has over 30 years of experience in Information Technology and Business. Kaya is one of the ISACA Istanbul Chapter founders and a past Chapter President. He has extensive experience in restructuring the IT function, and implementation of audit methodologies in large banks and telecommunication operators. Kaya’s experiences include extensive reviews of financial management systems including banking, billing and charging, accounting and ERP (SAP & Oracle) systems, and IT organizations. Kaya also has experience in providing technical, operational, organizational, security and theoretical advice to Internet and e-Commerce focused organizations. Kaya is well versed in generally accepted IT standards such as COBIT, Prince2, ITIL, the International Standard 27001 for Information Security Management, and NIST Standards.

Kodjo Mawugbé Akpondeou, CISA

Manager, EXCO AFRICA

Kodjo Mawugbé AKPONDEOU is a young Manager at EXCO AFRICA, with the challenge of building an IT Audit and Advisory Team in West Africa. He joined EXCO after more than Six years spent at KPMG where he oversaw both IT and Financial audit and Advisory engagements. He worked in many countries in West Africa, such as Ghana, Togo, Côte d’Ivoire, Mali, and Benin. Kodjo is a chartered public accountant and has developed a real passion for IT Audit, but a lot more for IT Security. Therefore, he endeavors to be CISA and CEH certified. He thinks that no one can know it all, so he is a continuous learner. He hopes he will learn a lot from exchanges he will have with highly qualified professionals of ISACA.

Leighton Johnson, CISA, CISM, CRISC, COBIT 5

ISFMT

Leighton is the CTO of ISFMT (Information Security Forensics Management Team), a provider of computer security & forensics consulting and certification training, and has presented computer security, cyber security and forensics lectures, conference presentations and seminars all across the United States, Asia and Europe. He is also the founder and CEO of Chimera Security, a research and development company delving into the realms of cryptography, Blockchain, mobile technology and cloud computing to create better and more secure solutions for today’s advanced users and providers. He has over 40 years’ experience in Computer Security, Cyber Security, Software Development and Communications Equipment Operations & Maintenance spanning the industries of retail, government, defense industrial base, banking, and information technology. He retains many professional security certifications, including CISA, CISM, COBIT 5, CAC and CRISC and has taught certification, risk management, forensics and auditing courses around the world over the past 15 years. He performs additional duties as the SC-ISACA Board VP and Chapter Instructor, and he recently was awarded the HQ ISACA Accredited Trainer status by ISACA and APMG.

Linas Laucius, CISA, CISM, CRISC

Lead Cyber Security Auditor, Nasdaq

On 2002 I've started my professional career as a system administrator in Security Service of Lithuania. Later I have decided to expand my technical background and from system administrator I moved to a network engineering area. Around year 2006 Information security became an area of high interest and importance in Lithuania. Therefore, I turned my career this way and after finishing lots of Information Security related courses, in country and abroad, I was promoted to a role, equivalent to CISO, on Lithuanian government owned Enterprise Centre of Registers. I have spent in this role 5 years. Since 2011 I am an ISACA Lithuanian chapter member. Lithuanian territory limited business area and local Lithuanian Enterprise was not a challenge anymore after 5 years. Looking for a new professional opportunities and further professional growth I have joined Information Security team of worldwide company Western Union. I was responsible for a 3rd party risk assessments and participated as an InfoSec expert on assigned technical projects. Part of my job was security architecture. In a few years, on 2016, I've received a new opportunity to join a second-largest stock exchange in the world - Nasdaq in the role of Lead Cyber Security Auditor. With still a great passion and strong enthusiasm I am 3 years in this role already.

Mahmoud Abouelhassan

Senior Manager, E-Finance

Mahmoud is an expert in IT field with 20+ years of Experience focusing mainly on Digital Transformation, Information Security, IT Projects and Operations Management. His experience diversified in several Business areas like Digital Transformation, Data Center services, Cloud and Virtual Hosting, ISO 27001,20000, 9001, 22301, E- Commerce, IT Strategy and Business Transformation, Budgeting and Enterprise Planning. He held several positions like Applications and E-commerce Manager, Data Center Operations Senior Manager, Head of PMO in Raya “one of the largest technology companies in Egypt”, recently he is Senior Manager (Digital Transformation) in E-Finance. Mahmoud one of the main players in the successful transformation like one of the most famous e-commerce websites in Egypt rayashop.com, actively involved in launching Raya Nigeria and Raya Algeria. In addition to Data Center business from the startup to be one of the Key Data Center Providers and one of the key players in the Egyptian Data Center Market, differentiated by its ISO certificates and skilled people, Participated in creating 5 years strategic plan with extensive engagement with the Business. Mahmoud holds B.Sc. from Cairo University, M.Sc. from Middlesex UK in Computer Science, Data Center Expert from Capitoline, and Advancement Management Program from RITTI.

Manoj Patel

Security & Risk Practice EMEA, ServiceNow

Manoj Patel, serves as Senior Advisor for ServiceNow’s Global CyberSecurity and Risk Practice, focused on solving Enterprise Risk & Cyber Security challenges. Manoj brings a total of 20+ years of experience in CyberSecurity, Integrated Risk Management, and Enterprise Legal Management in different senior positions from multinational organizations. He holds an MBA from UK, M.S. from Germany, and B.Sc. (Physics) from India. He is certified as GRCP and in CyberSecurity. Occasionally, he does exhibition of his paintings in his favorite jazz club – Einstein - in Munich.

Marco Salvato, CISA, CISM, CGEIT, CRISC

Generali

I am passionate about IT Governance, process design, security management and, of course, risk management. In the past I was a developer, an entrepreneur, and a consultant for over 10 years in KPMG. For the past 10 years I have been working for the Generali Group in IT Security, IT Processes and IT Governance. Since 2018 I have been responsible for Digital Risk at Group level. As a volunteer, I was one of the founders of the ISACA VENICE Chapter where I currently teach the CISA and COBIT 5 modules.

Matthias Kraft, CISA, CISM, CGEIT, CRISC

Associate Director - Internal Audit, Fidelity International

Matthias is an Information Security & Technology Audit executive with 15+ years of experience within the IT industry. Matthias is a global citizen with working experiences from Germany, France, Luxembourg and New Zealand where he helped customers achieving potential in the areas of Information Security, Information Risk Management and Information Systems Audit. He currently works as Associate Director Internal Audit for Fidelity International, a global investment and asset management company. Matthias is based in Germany and Luxembourg and holds multiple professional certifications such as CISA, CISM, CGEIT, CRISC and ISO27001LA.

Mike Dodson

VP WW Customer Security Strategy & Solutions, Venafi

Mike Dodson is VP Worldwide Customer Security Strategy and Solutions at Venafi, where he helps Global 5000 companies and organizations protect their machine identities—securing keys, certificates, and cryptographic systems that form the basis of privacy, security and identity in all enterprises. A Master's degree in computer engineering with additional training in cryptography, combined with 25 years of operational experience and consulting, give Mike a deep and practical understanding of the problems that occur in real-world IT environments.

Neetu Choudhary, CGEIT

Compliance Analyst

Neetu Choudhary is a passionate quality and business excellence professional with more than 17 years of experience. She holds a master’s degree in Computer Application with honours. She is an ASQ Certified Six Sigma Black Belt practitioner, EFQM certified assessor, CMMI associate, ISACA certified in the governance of enterprise IT (CGEIT) and ISO 9001-2015 certified lead auditor. She has published several articles and facilitated many presentations on quality, six sigma, business excellence, risks and project management. As a philanthropist, Neetu works on to create a better world for all beings by sharing her distinctive insight through writing and speaking about “peace through parenting”, compassion, world peace and humanity.

Nigel King, CISA, CISM, CGEIT, CRISC

Nigel is Chief Strategy Officer for SafePaaS, the leading Risk Management platform for large enterprises. Nigel is also Senior Lecturer in Information Technology at Nottingham Trent University. Nigel has recently returned to the United Kingdom after a long career in Silicon Valley where he was Chief Architect and Chief Information Security Officer for PowerSchool, the leading education technology platform in North America and before that he was Vice President for Security and Functional Architecture for Oracle's Cloud Applications.

Pablo Ballarin, CISA, CISM

Cybersecurity Specialist, Balusian

I provide strategic services related with cybersecurity governance, risk management frameworks and compliance. In the last years I have assisted top companies in different industries (retail, banking, telecommunications, public administrations, media, and entertainment) in Europe and South America. I also work as IT auditor for telecommunications regulators in South America, I'm an Associate Professor and cybersecurity trainer, member of the board of ISACA Valencia and speaker. In the last year I have directed a research related with cybersecurity and privacy issues in Brain Computer Interfaces solutions and ethical issues in AI algorithms.

Prasant Vadlamudi, CISA

Director - Technology GRC, Adobe

Prasant Vadlamudi has more than 12 years of experience in the technology audit and compliance field. He currently works as Director of the “Technology – GRC” group @ Adobe and is responsible for leading the compliance efforts across all of Adobe. He has extensive experience in various cloud-based security and compliance related audits and is very familiar with frameworks like SOC2, ISO, PCI, HIPAA and FedRAMP. Prior to joining Adobe Prasant used to work with the ITRA division at Ernst and Young. Prasant is also the main architect of the Common Control Framework (CCF) by Adobe which is the cornerstone of Adobe’s company-wide compliance strategy.

Qadir Abdul

Internal Audit Manager, B2V Gestion

R.V. Raghu, CISA, CRISC

Director, Versatilist Consulting India Pvt. Ltd

R.V. Raghu, CISA, CRISC, is director of Versatilist Consulting India Pvt. Ltd. Raghu cofounded Versatilist, which provides consulting, training and auditing services in information security, IT service management, business continuity and enterprise risk management. Raghu has more than a decade of extensive, hands-on, global experience across various verticals, such as engineering, manufacturing, IT, ITeS, BFSI, chemicals, mining and telecom. He has provided training, consulting and implementation support for establishing management systems compliant to ISO international standards and other frameworks, such as CMMI and COBIT. He is a gold level member of ISACA and is immediate past president of the ISACA Bangalore Chapter, where he has served as director of membership, secretary, vice president previously.

Rahat Sethi

Manager, Technology GRC, Adobe

Rami Sukkar, CISA, CRISC

Risk Manager, Averda

I am a seasoned IT manager, with a passion for improving the performance of organizations, through the use of best practices’ frameworks in IT, governance, risk and project management. Additionally, I also train employees on topics related to the optimization of IT & project management processes, and Cyber security awareness. Working as an IT Governance and Risk Manager at my current company today, I have helped in the establishment of a corporate governance framework, through the rollout of IT Policies and Procedures using ITIL, a Risk Management framework using ISO 31000, and an IT security platform covering the hardening of Cybersecurity controls and measures, and employee training.

Ramzi Sunna

Chairman, ScanWave Comprehensive Technical Solutions

Robert Findlay

Global Head of IT Audit, Glanbia

Currently the Global Head of IT Audit at Irish dairy and protein leader Glanbia, Bob has over 30 years IT, audit and security experience. Having started in mainframe computer operations for a French Bank in the 1980’s Bob has managed most IT functions including programming, project management and data centre operations in addition to significant stints in IT audit and as Chief Information Security Officer. Bob started working in IT audit in the Audit Commission and has since managed and set up IT audit functions in global businesses, such as British Airways, The Co-operative Group, ARYZTA, Paddy Power and now Glanbia as well as spells consulting for EY.

Rosemary M. Amato, CISA

Head of Demand Management, ING Bank

Being one never afraid to challenge the status quo, Rosemary has spent her career first as a Management Accountant, and then at a Big 4 helping companies grow, innovate, and become a leader in their industry. Currently Rosemary works for ING Bank, in the global office of data management serving in the role of Head of Demand Management. Previously she was a Director within the Central Mediterranean Firm of Deloitte, based in Malta, and prior to that she was based in Amsterdam where she was a Managing Director within Deloitte’s Global Finance organization.

Sergiu Zaharia

Technology Architect, BearingPoint

Sergiu began his security career in 1999 as IT security engineer with Defense Intelligence, focusing on network security and cryptology, gathering multi-disciplinary experience as Chief Information Security Officer with telco, banking and retail players. As Central Security Director of Telekom Romania, in 2010 Sergiu unified a wide range of security teams into one, directly reporting to the CEO. As a member of Business Continuity Management and Crisis Management groups of excellence in Deutsche Telekom, Sergiu benefited from a know-how transfer from top global cyber resilience experts. Currently he’s developing the Security Center of Excellence in Romania and provides security advice to customers across several sectors. Sergiu has a master’s degree and a merit diploma in IT Security from the Military Technical Academy of Bucharest and started his PhD in 2017, with the aim of improving application security review through machine learning algorithms.

Surinder Singh Rait, CISA, CISM

Senior Corporate IT Auditor, Ericsson

20 years of experience in Information/ Cyber Security being held senior management positions in my past experiences. Currently working as Senior Corporate IT Auditor in Ericsson. Handled global implementations of projects in ISO27001, NIST Cyber Security Framework, DLP, NAC, Global SOC.

Susanne Moeller-Hansen, CISA, CISM

Security Consultant, Future Security

Susanne has more than 10 years of experience with security consulting regarding cyber-, data- and information security and GDPR. She started working as internal IT auditor, continued to compliance, took some years as PCI DSS auditor, and have for the last 5 years provided consulting on Cyber and information security, and some compliance such as GDPR. She has worked with both private companies, especially within the financial sector and within the public sector. At the latest she has worked with cyber- and it-security consulting, especially with GDPR, ISO27001/2 implementation and as security consultant at a number of organisations. Susanne primarily works on the strategic, organisational and documentational level in an organisation. She is not one who herself implements technical solutions, but primarily acts as a link between technicicans and management and ”translates” security issues and requirements so that both management and technical employees understands.

Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor

Director, Board of Directors, ISACA

Tichaona Zororo, CISA, CISM, CGEIT, CRISC, COBIT 5 Certified Assessor, CIA, CRMA, is an IT Advisory Executive with EGIT | Enterprise Governance of IT (Pty) Ltd., an IT Advisory firm (South Africa). He has several years of in-depth experience in mainstream IT, IT auditing, cybersecurity, IT governance and IT risk across private and public sectors in Africa, Europe, the USA and Asia. Zororo is an advisor to a number of boards of directors, IT and business leaders across the globe on governance of enterprise IT, cybersecurity, IT auditing, IT risk, innovation and digital transformation. He was involved in the development of numerous ISACA white papers and COBIT 5 publications. A renowned COBIT expert, advisor and accredited trainer, Zororo is credited for being the first COBIT 5 Certified Assessor in Southern Africa. He has served on the ISACA Framework Committee, CGEIT Test Enhancement Subcommittee and the External Advocacy Committee. He is a recipient of the ISACA 2017 Harold Weiss Award for Outstanding Achievement, which recognizes an individual for sustained contributions to the advancement of the governance of enterprise IT. Zororo was voted a top speaker at 2017 Asia Pacific CACS and 2017 Africa CACS conferences. He is the Immediate Past President of the ISACA South Africa chapter.

Tony Gee

Security Researcher and Consultant, Pen Test Partners LLP

Tony has over 13 years of security experience, he has worked both as an internal blue team consultant within the finance industry and for the technology partner for the world leading Oyster card system and more latterly as an external security tester and auditor. Tony speaks the world over at technology events highlighting key risks with the internet of things, automotive and maritime and key payment systems. Tony is able to illustrate and demonstrate critical issues in these systems in a way the audiences of all levels can understand. He has spoken at PCI events in Europe and Asia, at the SC Congress in London, ISACA CSX Europe, technical conferences such as BSides and many other partner events, including speaking at the US Congress, European Central Bank and the European Parliament.

Tracy Celaya

President, GO Consulting Int’l

Dr. Celaya is President of Go Consulting Int'l and a sought-after IT & Business Consultant. She's an innovative leader and energetic speaker with 20 years of experience in IT Security, Program Management, Organizational Development, and Change Management, with her research in cloud computing, HR, and Information Security. She is a U.S. Air Force veteran with a background in electronic intelligence. Her clients consider her their “Secret Weapon” as she helps organizations define & implement their security strategy and develop a solid organizational culture of security. She is author of two publications regarding cyber security and cloud computing in human resources, and an international top-rated speaker featured at ISACA CSX Europe & U.S., ISACA CACS, RSAC US, RSAC Asia-Pacific, ISSA, OWASP, DevOps.com, and SecureCISO.

Tuan Phan, CISSP

Partner, Caplock Security LLC

Tuan Phan is a partner with Caplock Security LLC with strong expertise in the implementation and management of emerging technologies, information assurance programs, technical projects and operations, and risk management across several industries including government, software, specialty product, drug and medical device manufacturing. Tuan has consulted with state and Federal agencies including Oregon Public Employees Retirement System, Centers for Disease Control and Prevention, National Credit Union Administration, and Federal Retirement Thrift Investment Board on information security and assurance. As the practice leader for blockchain technology at Caplock Security LLC, he leads the development of several proofs of concept using Hyperledger Fabric and Ethereum private blockchains and advises clients on the security implementation of smart contracts and blockchain infrastructure. Tuan has shared his experience on numerous topics on cybersecurity, blockchain security, IT governance, and regulatory compliance at several industry conferences and seminars. Tuan has also authored several articles on blockchain and regulatory compliance topics in several industry magazines and journals and served as SME reviewer for ISACA Blockchain Audit Program.

Vadim Gordas, CISA, CRSIC

Head of IT & InfoSec Risk, Zopa Financial Services

Vadim is an Information Risk Management Specialist with over 12 years’ experience in information security, data protection and information security compliance. He holds a GCHQ-certified MSc degree in Information Security from ISG Royal Holloway, University of London and various industry certifications. Most recently his research is focused on measuring the human risk and ensuring that enterprises can make targeted interventions to manage the people aspects of security.

FOR SPONSORSHIP AND EXHIBITOR OPPORTUNITIES

Contact ISACA's Sponsorship Department:

Please address Sponsorship questions to: sponsorship@isaca.org

QUESTIONS

Contact ISACA's Customer Experience Center:

Tel: +1.847.660.5505

https://support.isaca.org/

MEDIA INQUIRIES

Contact ISACA's Communications Department:

Tel: +1.847.660.5512 or
+1.847.660.5564

news@isaca.org

16-18 October 2019 | Geneva, Switzerland

35

CPE Hours Available

Grow Your Network. Enhance Your Knowledge.

Connect with the most dynamic minds and practitioners in information systems audit, control, security and cybersecurity.

Stay ahead of emerging trends and gain new tools, guidance and insight that will help set the course for the future of information systems and cybersecurity—and for your role in vitally important fields that assess, manage, protect, and drive the success of enterprises worldwide.

What's in it for you?

Grow Your Network

Enhance Your Knowledge

Who should attend?

What is in it for your organisation?

Continuing Professional Education Credits

Programme

As the programme is developed, we will continue to add information to this page—check back frequently for updates! Click here for a downloadable version of our Programme

As the programme is developed, we will continue to add information to this page—check back frequently for updates!

Click here for a downloadable version of our Programme

What to Expect

Opening Keynote - Anders Sorman-Nilsson

Engaging Sessions

Closing Keynote – Jon Duschinsky

50th Anniversary Opening Platform

Cyber Hunt

Interactive Workshops

SheLeadsTech Seminar

Do you have a topic that you think should be offered at this conference? We want to know! Tell us about it by submitting your idea on Twitter using #EuroCACSCSX

NETWORKING RECEPTION IN THE INNOVATION EXCHANGE

Unwind with colleagues in a festive hour of networking and fun!

SCHEDULE

Your Conference Itinerary

{{ filter.GroupName }}

{{ day.DayOfTheWeek }} {{ day.Date }}

{{ timeslot.Title }}

Moderators

{{ speaker.SpeakerName }}

Panelists

{{ speaker.SpeakerName }}

{{ session.Time }}

{{ session.SessionLocation }}

{{ session.Title }}

Select

Continuing Professional Education Credits

Conference Registration Fees

Full Conference Registration

Workshop Only

Cancellation Deadline: Friday, 13 September 2019

Volunteers Needed!

Terms and Conditions

Registration and Payment Policy

Discounts

Group Discounts

Government Discounts

Academic and Student Discounts

Cancellation Policy

Payment Methods

Disclaimer

Not a member of ISACA? Join today!

Consent for Photos, Audio and Video Recordings Taken at Events or for Marketing Purposes

Dress

Justify Your Attendance

Watch highlights from the 2018 EuroCACS conference and mark your calendar for 2020!

Review highlights from the 2018 CACS and CSX conferences to learn more about the sessions, speakers and networking you can expect at EuroCACS/CSX 2019.

Speaker Presentations by Session Number

Masudur Rahman

Greg Witte

R.V. Raghu, CISA, CRISC

Christian F. Nissen, CISM, CGEIT

Jan Anisimowicz, CISM, CRISC

Rosemary M. Amato, CISA

Welcome to Geneva

Geneva

Palexpo Convention Centre

Explore Now

HOTELS

Starling Geneva Hotel

Route François-Peyrot 34 1218 Le Grand-Saconnex Geneva, Phone: +41 22 747 02 02

Getting There

Getting Around

Thank You to Our 2019 Sponsors!

Platinum

Adobe

As the programme is developed, we will continue to add information to this page—check back frequently for updates!

Click here for a downloadable version of our Programme

{{ day.DayOfTheWeek }}
{{ day.Date }}

Route François-Peyrot 34
1218 Le Grand-Saconnex
Geneva,
Phone: +41 22 747 02 02