SECON International Chapter Conference
Welcome Note from SECON International 2023 Organizing Committee!
On behalf of the SECON International Conference Chapter Committee, we are inviting you to the second SECON International Chapter Conference on Wednesday, December 6th, 2023!
This event would not be possible without the collaboration of many ISC2 chapter leaders from across the globe!
We look forward to seeing many of you at the conference on our fun and unique virtual platform!
Best wishes,
SECON International Chapter Committee
The conference committee consists of leaders from the following ISC2 chapters: New Jersey, Atlantic Canada, Hellenic, Israel, Poland, Germany, The Netherlands and Uganda.
A big THANK YOU to all the volunteers that made this event possible!
Ken Fishkin, May Brooks-Kempler, Bryon Singh, Tran Cheung, Marie Ivanov, Robert Fritz, Oren Motola, Gidi Farkash, Johannes Braams, John Iliadis, Michal Trojnara, Brian Mwine Rutebemberwa, and Rainer Rehm.
SECON International Chapter Conference 2023
The International Chapter Conference committee is announcing its 2nd Annual ISC2 International Chapter Conference, SECON International! This event is an ISC2 Chapter driven initiative and is fully supported by ISC2.
Registration is FREE to all chapter members and we have over 300 registered participants from all over the world already, so come join in on the fun!
Date: Wednesday, December 6th, 2023
Time: 11:00 a.m. EST (1600 GMT) to 2:00 p.m. EST (1900 GMT).
Location: Virtual (Gather.town)
The SECON International Chapter Conference includes over 20 speakers from all over the globe, covering a multitude of topics across the cybersecurity spectrum. All attendees will get 3 CPEs.
Opening remarks for this event will be given by Clar Rosso, CEO of ISC2.
Keynote Speakers:
Olivia Rose, CISO And Founder at Rose CISO Group
Ira Winkler, Field CISO for CYE Security and author of You Can Stop Stupid
Dr. Erdal Ozkaya, CISO at Xcitium
Workshop:
Sounil Yu, Author and Creator of the Cyber Defense Matrix and the DIE Triad
The conference will be held on a virtual platform to provide a unique opportunity to listen to great presentations while networking with your peers.
Check out the conference website HERE and agenda HERE. Please note that the schedule in the agenda is subject to change.
Welcome Remarks
Keynote Speakers
Olivia Rose - CISO And Founder at Rose CISO Group
Olivia Rose is an award-winning Cybersecurity leader and three-time global Chief Information Security Officer (CISO). Olivia Rose is the founder of the Rose CISO Group, a boutique Security company delivering exceptional vCISO, Board Communications, and Strategic services to Fortune 1000 companies.
Before founding Rose CISO Group, Olivia was a 21-year Security industry veteran, including CISO roles with Mailchimp and Amplitude, and 17 years as a virtual CISO and strategic advisor for Fortune 1000 companies.
Olivia holds numerous IT, Privacy, and Security certifications, and is an active participating member of several industry groups. Olivia is frequently requested at speaker events and podcasts. She is regarded as a thought leader in the industry.
Ira Winkler - Field CISO for CYE Security and author of You Can Stop Stupid
Ira Winkler, CISSP, is the Director of the Human Security Engineering Consortium and author of the books, You Can Stop Stupid and Security Awareness for Dummies. He is considered one of the world’s most influential security professionals and was named “The Awareness Crusader” by CSO Magazine in receiving their CSO COMPASS Award. Most recently, he was named 2021 Top Cybersecurity Leader by Security Magazine. He has designed, implemented, and supported security awareness programs at organizations of all sizes, in all industries, around the world. Ira began his career at the National Security Agency, where he served in various roles as an Intelligence and Computer Systems Analyst. He has since served in other positions supporting the cybersecurity programs in organizations of all sizes.
Dr. Erdal Ozkaya - CISO at Xcitium
Dr. Erdal Ozkaya is a leading Cybersecurity Professional with business development, management, and Academic skills who focuses on securing the Cyber Space & sharing his real-life skills as a Security Adviser, Speaker, Lecturer, and Author.
Erdal is known to be passionate about reaching communities, creating cyber aware campaigns and leveraging new and innovative approaches and technologies to holistically address the information security and privacy needs for every person and organization in the world. He has authored many cybersecurity books as well as security certification courseware and exams for different vendors.
Cyber Defense Matrix Workshop
Sounil Yu - Author and Creator of the Cyber Defense Matrix and the DIE Triad
Sounil Yu is an author, speaker, advisor, and board member in the cybersecurity field. He created the DIE Triad and the Cyber Defense Matrix, which are mental models that help organizations define, align, and optimize their security capabilities. He has presented at multiple conferences and published several articles on topics such as artificial intelligence, machine learning, and automation in security. He is passionate about advancing the knowledge and practice of cybersecurity and empowering others to achieve their security goals.
AI, Quantum, & Advanced Technologies
Cory Helen Popescu, Cyber & Systems Security Specialist
Presentation Topic: The Lifecycle of Phishing: From Generation, to Detection and Removal, leveraging ML and AI
Speaker Bio: With over 6 years of hands-on experience as a Managed Security Service Provider, I have developed proficiency in various security tools and technologies. My areas of expertise include Cyber Investigations, conducting Phishing Tests, performing Vulnerability Scanning, and managing System Hardware in a Hypervisor environment. I am skilled in Endpoint Detection and Response, Log Analysis, and troubleshooting. My strengths include outstanding communication and analytical skills, coupled with leadership capabilities in strategic planning and business process improvement. I am experienced in implementing compliance frameworks like ISO 27000s, NIST, and CIS controls, which are instrumental in creating and developing an organization's cybersecurity posture.
Sofiane Chafai CISSP, CCSP, CISA, ISOxx, QSA PCI DSS, Prince 2
Presentation Topic: New Challenges for a Reliable Use and Deployment of Trustworthy AI
Speaker Bio: Sofiane Chafai is an information security professional with over 25 years of experience in IT management, transformation programs, information systems, and process implementation. His expertise extends to cybersecurity consulting and business continuity management for leading companies in the Middle East and North Africa. He has worked across various sectors, including financial, telecommunications, government services, and oil and gas industries. Chafai plays a significant role in promoting information security at an international level. He is a member of the EMEA Advisory Board of ISC2, an Accredited Assessor to the PCI SSC, and a contributor to the update of the PCI DSS standards. He is also an accredited trainer for international organizations and institutions. His work encompasses governance, security architectures, risk management, compliance, audit, and business resilience.
Kudzai Lazarus Mudyiwa CISSP, PMP, CISA, ICSA, Senior IT security Consultant at Lunika Incorp
Presentation Topic: Generative AI Security Frameworks for Government Agencies
Speaker Bio: With 15 years in the field, Kudzai Lazarus Mudyiwa is an IT Security Team Lead, System Developer, DevSecOps Engineer, and IT Project Manager. Certified in CISSP, PMP, CISA, and ICSA, Kudzai excels in ensuring robust security measures, driving innovation in system development, and optimizing workflows through DevOps practices. His leadership and expertise have led to successful IT projects, showcasing a commitment to excellence in the ever-evolving IT landscape. Currently serving as the Member Chair for ISC2 South Africa (Gauteng Chapter), Kudzai actively contributes to the cybersecurity community.
Jorge Carrillo, PhD
Presentation Topic: What Does Transparency Mean in AI?
Speaker Bio: Jorge Carrillo, PhD, has been assisting organizations across Europe in assessing, designing, implementing, and improving their IT cybersecurity practices for over 18 years. His primary focus is on Cybersecurity and Data Protection, but he has also been involved in other compliance areas such as IT Audit, PCI, SOX, and Accessibility. He is an active guest lecturer at several universities, sharing good practices and methodologies in Privacy by Design, Agile, and other Project Management methodologies.
Angus Chen
Presentation Topic: Quantum Computing, Cyber Espionage, Cryptography, AI, and Analytics
Speaker Bio: Angus Chen is a leader with computational thinking, an experienced cybersecurity professional who fosters a culture of trust, a board member who contributes to communities and embraces diversity in all forms, a speaker who shares knowledge, and a rock climber who looks for projects and is known for his analytic ability to connect the dots. He has over 18 years of hands-on experience assessing, developing, and implementing technology solutions for a broad range of organizations, including MITRE, the Federal Reserve Board, and FINRA, as well as several public and private partnerships. He holds an MBA from IESE and has a master's degree in Applied and Computational Math from Johns Hopkins University. He is a holder of CISSP, CCSP, and PMP certifications.
Glendon Schmitz, CISO | Board Member | Advisor | Speaker
Presentation Topic: Quantum Computing, Cyber Espionage, Cryptography, AI, and Analytics
Speaker Bio: As a strategic and global cybersecurity visionary, I offer a track record of success driving development and management of security systems and policies to reduce and mitigate risk and protect assets in the U.S. Air Force and government agencies. I develop and lead a forward-looking support structure and scalable infrastructure encompassing on-site and cloud-based applications, along with delivering an architecture that fully aligns with business needs while facilitating improved security. I am valued for providing astute technical leadership for enterprise systems and security architecture, engineering, and implementations.
My background includes building and leading agile teams that deliver consistently high-performance levels in the maintenance, management, and enhancement of secure and stable computing environments.
Arturo Santos
Presentation Topic: Secure AI Implementation for Critical Infrastructure
Speaker Bio: Information Security Governance, Risk and Compliance (GRC) Solutions Architect with over 20 years of experience creating and leading the implementation of solutions for information systems security, governance, risk and compliance management for strategic business development. Results-oriented team leader with proven ability to execute project and risk management, identify business opportunities, propose strategic planning, create budget proposals, project plans and implement security and quality controls. Responsibilities have included managing large and complex projects with high impact; P&L accountability for up to $10 million USD; and the oversight of up to 60 direct reports within greater multicultural multidisciplinary teams for large organizations in multiple locations worldwide.
Neranjan Dissanayake, Chief Technology Officer - Just In Time Group
Presentation Topic: Bridging Realms: Navigating the Confluence of IoT, OT, ICS, and IACS for an Industrial Renaissance
Speaker Bio: Neranjan is a veteran in Technology and Cybersecurity fields in Sri Lanka having experience for more than 13 years in multiple local and multinational organizations. He has worked in senior consultant positions architecting and designing mission critical environments in complex projects. A past Royalist and a graduate from the University of Moratuwa Faculty of Engineering specializing in Electronic & Telecommunication, he has acquired countless industry certifications in many diverse areas. Neranjan is the president of the Cloud Security Alliance Sri Lanka Chapter and an active member of IESL, ISC2 Colombo Chapter and ISACA Sri Lanka and conducts many workshops, webinars and mentorship programs with professional bodies to transfer his knowledge and experience to serve the industry. Currently he works as the CTO of Just in Time, a pioneer in the Sri Lankan technology field, undertaking the complete technology function of the company.
Application & Open Source Security
Paolo Ottolino, CISSP ISSAP CISA CISM OPST ISO/IEC 27001 ITIL PMP PRINCE2
Presentation Topic: Application Security: Design Shutters - Reusable Elements for Securing Software Design
Speaker Bio: Paolo Ottolino, CISSP ISSAP CISA CISM OPST ISO/IEC 27001 ITIL PMP PRINCE2, Adjunct Professor at the University of Rome 'Sapienza' and the Polytechnic University of Bari. Engineer. Cybersecurity Solution Specialist at Eng.it. ISC2: Item Writer and Subject Matter Expert for over 15 years. Member of the Board of Directors of the Chapter-Italy. Cybersecurity Speaker: Engagements include ISC2 SecureXXX, ISACA CSX, EuroCACS, CyberCrimeConference, Security Summit, Forum ICT Security, and others.
Assaf Morag, Lead Threat Intelligence and Data Analyst at Aqua Nautilus
Presentation Topic: Doing It Right: Successfully Integrating Application & Product Security into the SDLC
Speaker Bio: Assaf is a Lead Threat Intelligence and Data Analyst at the Aqua Nautilus research team. He focuses on supporting the team's data needs, obtaining threat intelligence, and helping Aqua and the industry stay at the forefront of new threats and protection methodologies. His work has been published in leading information security publications and journals worldwide. Most recently, he contributed to the new MITRE ATT&CK Container Framework.
Moshe Weis, CISO at Aqua Security | Technology & Cyber Lecturer | CISSP, CISM, CEH, CCSK, MBA
Presentation Topic: Doing It Right: Successfully Integrating Application & Product Security into the SDLC
Speaker Bio: Moshe is an accomplished cybersecurity leader and lecturer, with more than 16 years of extensive experience in technology and cybersecurity. He has a strong educational background with a BSc in Communications System Engineering and an MBA in Technological Entrepreneurship, both completed with distinction. Additionally, Moshe holds numerous prestigious global cybersecurity certifications. With a rich history in hardware and software development, Moshe has honed his expertise to focus on pioneering innovative methodologies in Application and Cloud security. He currently serves as the Chief Information Security Officer (CISO) at Aqua Security, a leading provider of advanced security solutions for cloud-native applications.
Awareness, Strategy & Organizational Response
Elad Motola, Managing Director at Consilium Labs
Presentation Topic: ISO 27001: Bridging the Gap Between 2023 & 2022 Versions
Speaker Bio: As the Managing Director at Consilium Labs, a certification body specializing in the ISO 27000 family of standards, and the Chief Operations Officer at GRSee Consulting, an information security advisory and assurance firm, I offer extensive expertise at the intersection of cybersecurity and operational leadership. My over-a-decade-long career is marked by a steadfast commitment to excellence in managing teams in the dynamic field of information security. In my tenure, I have developed a thorough understanding of the ISO 27000 standards. At Consilium Labs, I lead initiatives to ensure organizations adhere to robust information security practices. Concurrently, as the COO of GRSee Consulting, I play a pivotal role in guiding the firm's strategic direction and operational efficiency, reinforcing its status as a trusted advisor in the industry.
Ariel Vudoyra Cardenas, CISA CISM CRISC CISSP ITIL 4, Global Security Remediation & Resilience Lead at DXC Technology
Presentation Topic: Security Governance
Speaker Bio: With over 35 years of IT experience, I specialize in Information Systems design and implementation across manufacturing, finance, and transportation sectors. My expertise includes DRP/BCP design and implementation, Data Center Management, and serving as an Information System Security Officer (ISSO). As an IT Auditor, I have experience with SOX controls, and in defining, implementing, and verifying control objectives for SAS 70, ISAE 3402, SSAE16, and SSAE18, including SOC1. In an assurance role, I assist accounts in meeting their security-related contractual obligations, ensuring they maintain the mandated level of security controls, and preparing for internal and external audits. I also perform Cyber Maturity Reviews (CMR).
Tran Cheung, MBA, CISSP, CCSP, CISA, PMP
Presentation Topic: How Do You Trust an AI Model? Learn How NIST AI RMF Can Help Reduce Your Risks
Speaker Bio: Ms. Cheung serves as Board Member – Communications Chair to the ISC2 New Jersey Chapter. She leads the Communications Committee in the publishing of the chapter’s monthly newsletter for the community. She is an experienced IT audit manager with over 15 years specializing in cybersecurity and federal compliance with NIST standards. Currently, she leverages this expertise in higher education, providing comprehensive information security and IT operations assurance to support Princeton University's mission. Prior to joining Princeton, Ms. Cheung was a Principal of Information Security for Mathematica’s IT Security Risk and Compliance group where she directed the IT Security Risk and Compliance team charged with providing assessments of the implementation of security and privacy regulations for State and Federal clients.
Samuel Modupe
Presentation Topic: Managing Cloud Security in the Modern Workspace
Speaker Bio: Samuel specializes in Cloud Security, Network Security, System Security, Penetration Testing, Vulnerability Assessment, Enterprise Routing, and Switching, Project Management as well as business operations and how cybersecurity fits into the greater needs of the enterprise. He is adept and passionate at training and educating both users and cybersecurity professionals on relevant cybersecurity technologies, procedures, attacks, and preventative measures. His skills include the ability to manage all aspects of the enterprise security framework and to work with colleagues to improve the efficiency and security of IT systems.
Patrick Park, Director of Information Security CCISO, CISSP, CISM, CEH at Milbank LLP
Presentation Topic: Strategy for a Passwordless Environment
Speaker Bio: Patrick Park is the Director of Information Security at Milbank LLP. He is an information security professional with 15 years of experience, working across various sectors including law firms, financial institutions, health care, non-profits, and manufacturing. He is responsible for the firm's global security, privacy, and business continuity, with a primary focus on governance, risk, compliance, and audit. He works closely with Milbank's Office of General Counsel to ensure compliance with client and regulatory requirements.
Robert Fritz, Director, Technical Leader, Board Member, and Speaker
Presentation Topic: An Ethics Framework for Cybersecurity Governance and Leadership
Speaker Bio: Robert Fritz (CISSP, CSSLP) served his country as a US Air Force officer, including assignments at Langley AFB and at the Pentagon, and has served as a leader in public and private companies ever since. At Hewlett-Packard, he led research and development of key Unix security technology. As an Executive Director at Morgan Stanley, he served as Canada CISO. He then served as Director Cyber Security at Emera and at Irving Oil. His last 5 years have concentrated on board and executive level cyber security and privacy governance advice and reporting, as well as cyber security operations. Robert received his Bachelor’s in Computer Science at the US Air Force Academy, and his Master’s in Computer Science: Software Engineering, from Old Dominion University in Norfolk, VA. He serves his Atlantic Canada security community as a frequent speaker, and Board member for the Atlantic Canada Chapter of ISC2.
Gaurav Singh
Presentation Topic: Enhancing Supply Chain Resiliency Through Cybersecurity
Speaker Bio: As an accomplished Cyber Security Transformational Leader, Gaurav has extensive experience in digital transformations across Finance, Supply Chain, and enterprise applications like Enterprise Resource Planning systems (ERP) and compliance. His unique blend of technical knowledge and business acumen has been honed over 18+ years in the industry, with a proven track record of protecting organizations from cyber threats while maximizing digital transformation investments. In addition to his leadership role, Gaurav is a highly sought-after speaker and author. He delivers sessions and publishes articles on various topics related to cybersecurity and digital transformations. His recent speaking engagement at the prestigious Gartner IT Symposium 2023 in Orlando, in October 2023, was recognized as The World's Most Important Gathering of CIOs and IT Executives.
John Checco
Presentation Topic: A People-Centric Approach to Breaking the Attack Chain
Speaker Bio:
Proofpoint:
Former Resident CISO, Financial Services
Board Certified QTE (Qualified Technology Expert)
Bank of America: Loaned Executive, US DHS CISA (fka NCCIC) Lead, Zero-Trust Strategy & Architecture SVP, Security Innovation Team BISO, Global Markets (Merrill Lynch) Head of Security Technology Assessment Team
Bloomberg: CISO for BloombergBlack (Personal Wealth) Senior Security & Risk Executive
Operational & Network Security
Stephen Mugabe
Presentation Topic: Data Protection Compliance in a Low Resource Setting
Speaker Bio: Stephen Mugabe is an Information Technology professional with over 14 years’ experience in IT across areas of IT Support, Systems Administration, Asset Management, IT Consulting, Systems Design and Implementation, IS Audits and Assessments, Data Protection and Privacy compliance and regulation. Stephen currently serves as the Manager Data Protection Affairs at the Personal Data Protection Office (PDPO), Uganda’s Data Protection and Privacy Regulator. Before his current role, Stephen held the position of Systems Analyst at the National Information Technology Authority – Uganda (NITA-U), where he played a key role in audit and assessment of a number of government systems and was involved in the analysis, requirements gathering and design of key government eServices. Stephen has undertaken a number of IT Consulting engagements in the Banking, Health, Telecoms, NGOs and Government in Uganda and outside, including assignments in Malawi, Sierra Leone and Lesotho. Stephen has also worked with AH Consulting Ltd, MUJHU Care Ltd and the USAID SUSTAIN Project. Stephen Mugabe is a graduate of BSc Computer Science, a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ITIL Certified, Security+ and ACL Certified Data Analyst (ACDA).
Jacek Grymuza - Board Member of ISC2 Chapter Poland, Senior Security Architect @ Sycope
Presentation Topic: Mastering Network Threat Hunting
Speaker Bio: Jacek Grymuza (CISSP, CISM, CIHE, OSCP) - An IT security expert with over 15 years of experience, Jacek specializes in areas such as Security Operations, Communications and Network Security, Security Architecture and Engineering, Security Assessment and Testing, Asset Security, and Security and Risk Management. He is particularly fascinated by the design of security threat detection methods and the Threat Hunting process.
Johannes Braams, Leading Professional Cyber Security ICS at Royal HaskoningDHV
Presentation Topic: Cyber Security Light at the End of the Regulated Tunnel
Speaker Bio: Driven and professional, I bring over 7 years of experience in ICS Cyber Security and 18 years in IT project management. I excel in assimilating new knowledge and adeptly translate business needs into IT solutions. I am committed to delivering high-quality results within the constraints of time and budget. As a leader, I guide project teams from inception to realization, ensuring excellence at every step. I thrive in managing complex projects, skillfully navigating challenges that initially seem puzzling.