A Free Virtual Event

Uncover the trends driving
InfoSec compliance today — and tomorrow.

February 22, 2024 8:30 AM - 12 PM PT 3 CPE Credits

Speakers

Hear from CISOs and risk management leaders as they share how they’re tackling today’s most urgent challenges, from the rise of AI to increasing governance requirements.

Allison Miller Former CISO, Reddit Founder and Principal, Cartomancy Labs

Chris Porter SVP and CISO Fannie Mae

Gene Kim Former CTO, Tripwire Founder, IT Revolution

Gianna Kubiak Manager, Risk Consulting RSM US LLP

Jim Routh Chief Trust Officer Saviynt

Richard Marcus VP, Information Security AuditBoard

Ty Smith Director, Risk Consulting RSM US LLP

Sessions

Session 1 8:30 - 9:30 AM PT 1 CPE CREDIT

How AI Is Radically Reshaping Compliance, Cybersecurity, and Business Strategy

2023 was the year artificial intelligence broke through into the mainstream consciousness and into business use cases with the advent of generative AI and large language algorithms (LLMs). In 2024, audit, risk, and compliance teams need to prepare for a world of AI-augmented work and decision-making across all functional areas of the enterprise.

IDC predicts that global spending on AI will continue to accelerate to over $301 billion by 2026. This means that companies will need to be prepared to manage AI risk and leverage its capabilities to remain competitive in their markets.

During this session, we’ll explore the CISO perspective on what 2023 has taught us about how enterprises are using AI across the business, and how IT security and compliance teams should think about incorporating AI into their practice.

Allison Miller Cartomancy Labs
Chris Porter Fannie Mae
Jim Routh Saviynt
Richard Marcus AuditBoard

8:30 - 9:30 AM PT 1 CPE CREDIT

Allison Miller Cartomancy Labs
Chris Porter Fannie Mae
Jim Routh Saviynt
Richard Marcus AuditBoard

Session 2 9:45 - 10:45 AM PT 1 CPE CREDIT

Compliant by Design: Automation and the Future of IT Security, Compliance, and Software Development

For IT security and compliance teams, the paradigm for supporting resilient and secure organizations has shifted. Teams have moved away from application developers and IT operations getting approvals in “high ceremony” handoffs to IT security and compliance to now embedding into the daily work of development and operations.

In this session, Gene Kim will describe why this “shift-left” phenomenon has happened, and how the new patterns that have emerged allow organizations to more quickly and effectively comply with frameworks and increase their cyber resilience by leveraging automation, compliant-by-design, and security-by-design principles.

Gene will describe theory and practice, including many industry examples of how IT and compliance leaders have used these practices to help their organizations win, while dramatically increasing security, compliance, and agility.

Gene Kim IT Revolution

9:45 - 10:45 AM PT 1 CPE CREDIT

Gene Kim IT Revolution

Session 3 11 AM - 12 PM PT 1 CPE CREDIT

NIST CSF 2.0 — The Rise of Governance in IT Compliance

As NIST CSF grows in adoption by security teams, what are the implications for IT compliance teams? Governance is becoming a core principle of cybersecurity regulations, so how should organizations consider maturing their approach to this topic? This session will dive into the interplay between security and compliance in fortifying your cyber defenses while navigating a complex regulatory environment.

Gianna Kubiak RSM US LLP
Ty Smith RSM US LLP

11 AM - 12 PM PT 1 CPE CREDIT

Gianna Kubiak RSM US LLP
Ty Smith RSM US LLP

The Next Wave of InfoSec Compliance Is Here

Equip yourself with the tools you need to succeed in information security compliance in 2024 at InfoSec Compliance Now, a free half-day virtual event.

Experts in the field will share their tried-and-true methods for streamlining their work while building resilience and protecting their organizations.

Space Is Limited — Sign Up Today!

Gain Leading Strategies
Learn From CISOs
Earn Up to 3 CPE Credits

AuditBoard is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.

Compliant Resolution Policy: If you have any concerns about this program as they relate to the NASBA Standards, please email events@auditboard.com.

Cancellation Policy: Due to this program being offered free of charge, there will be no refunds issued. Please email events@auditboard.com if you need to cancel your registration.

Allison Miller

Former CISO, Reddit Founder and Principal, Cartomancy Labs

Allison Miller is Founder and Principal at Cartomancy Labs, an advisory firm that guides teams in innovating and solving problems anywhere that people, money, and technology mingle. With decades of experience at the intersection of cybersecurity, fraud, and abuse, Allison is known for implementing real-time risk prevention and detection systems running at internet-scale, with a proven track record of building and protecting customer-facing platforms and services (both B2C and B2B).

Prior to establishing Cartomancy Labs, Allison was the CISO and VP of Trust at Reddit where she led the cybersecurity, privacy, risk, and safety teams. She has also held technical and leadership roles in security, risk analytics, and payments/commerce at Bank of America, Google, Electronic Arts, Tagged/MeetMe, PayPal/eBay, and Visa International. Miller speaks internationally on security, fraud and risk, sits on the Faculty at IANS, and has been recognized by SC Media as a Power Player in IT Security.

Chris Porter

SVP and CISO Fannie Mae

Christopher Porter is the CISO for Fannie Mae. In this role, he helps to communicate the importance of information security across the enterprise and to mature and innovate Fannie Mae’s defense and response capabilities. Porter has over 15 years of experience in IT and security industries. His background includes work as an economist, network and system administration, information security consultant and researcher. In his previous role at Verizon, Porter was a lead analyst and author of Verizon’s Data Breach Investigations Report series. He was also the co-creator of the VERIS Framework (Vocabulary for Event Recording and Incident Sharing) which allows organizations to collect and report security incident metrics in a standard and repeatable manner.

Gene Kim

Former CTO, Tripwire Founder, IT Revolution

Gene Kim is a multiple award-winning CTO, researcher, and author. Kim was founder and CTO of Tripwire for 13 years. Gene’s books have sold over 1 million copies — he is a WSJ bestselling author, having most recently co-authored Wiring the Winning Organization, as well as The Phoenix Project, The DevOps Handbook, and the Shingo Publication Award-winning Accelerate. Since 2014, he has been the organizer of DevOps Enterprise Summit, studying the technology transformations of large complex organizations, now called the Enterprise Technology Leadership Summit. He has worked with top internet companies on improving deployment flow and increasing the rigor around IT operational processes.

Gianna Kubiak

Manager, Risk Consulting RSM US LLP

Gianna has over eight years of experience working across multiple cybersecurity and technology domains with a current focus on clients in financial services, private equity, and the family office space. Her financial services clients are primarily global financial institutions with a focus on cybersecurity and IT control transformation and program management efforts.

She has served as a virtual Chief Information Security Officer (vCISO) for multiple private equity funds and family offices, assisting clients in developing or maturing their cybersecurity programs, providing strategic guidance and supporting executive leadership decisions as well as tactical day-to-day program management. In this role, she regularly interacts with portfolio and private equity fund representatives, tracks risks, advocates for portfolio company needs at the private equity fund level and aids the implementation of fund strategy at the portfolio company level.

Upon first joining RSM, Gianna led the project management office for RSM’s national cyber response team, ensuring the successful delivery of projects and investigation of cyber incidents for hundreds of clients every year. She also prepared and facilitated client incident response preparedness tabletop exercises.

Prior to joining RSM, Gianna served in the project management function for the IT organization of a multinational information and communications technology company. She was responsible for multiple software rollout projects including adoption, end user and support team training, and process documentation to support day-to-day usage following rollout. In this role, she was responsible for managing several teams across Asia, Europe, North and Central America.

Jim Routh

Chief Trust Officer Saviynt

Jim Routh is the Chief Trust Officer for Saviynt and the CISO for CalypsoAI. He is currently on the boards of Supply Wisdom, Savvy Security, Accountable Digital Identity Association, and the Global Resiliency Federation. He is the former board chair for the Health Information Sharing & Analysis Center (H-ISAC), where he served for five years, and former board member for the Financial Services Information Sharing & Analysis Center (FS-ISAC).Jim is a former CSO/CISO for American Express, DTCC, KPMG, Aetna, CVS, and MassMutual.

Jim brings to the boards a vast business and technology background and is considered a digital and cyber security industry expert and thought leader. Jim is currently an advisor for Transmit Security, Wiz, Netskope, Armis, Security Scorecard, Devo, Gurucul, Data Theorem, CodeZero, Picnic, Legit Security, and Graphite Health. He serves in an advisory capacity and investor for cyber-specific venture funds including Syn Ventures, CyberStarts, Security Leadership Capital, Ballistic Ventures, and Rain Capital. Jim is an ICIT Fellow and an Adjunct Faculty member where he teaches cybersecurity for the NYU Tandon School of Engineering.

Richard Marcus

VP, Information Security AuditBoard

Richard is the VP of Information Security at AuditBoard, where he leads product, infrastructure, and corporate IT security functions as well as AuditBoard’s own internal risk and compliance initiatives. In this capacity, he has become an AuditBoard product power user, leveraging the platform’s robust feature set to help achieve SOC 2, GDPR, ISO 27001 compliance, and many other GRC initiatives. In his spare time, he enjoys exchanging insights with his information security leader peers in the AuditBoard Community and participating in the AuditBoard product development process. Prior to joining AuditBoard, Richard led global GRC at Verizon Media and Security Operations at EdgeCast Networks.

Ty Smith

Director, Risk Consulting RSM US LLP

Ty is an experienced risk consultant and U.S. Army officer who has a strong understanding of information security in the professional services industry. He assists clients with executive management decisions surrounding information security to ensure the highest return on investment. Ty has worked with organizations across a variety of industries, providing him with the experience and knowledge of the different ways that each industry secures its data. Ty also serves as a battalion communications officer in the Ohio National Guard.

Ty’s professional experience includes overseeing the development and implementation of a fully compliant PCI DSS program at a large resort; serving as virtual chief information security officer (vCISO) for a hospital in Washington, D.C. focused on NIST CSF implementation; and performing security risk and information security assessments to determine program-level vulnerabilities within organizations. He is experienced in guiding clients in developing security best practices to determine the optimal course of action for implementation within business units, aligning organizational security programs with corporate goals, and continually refining internal processes to maximize team efficiency.