Emerging Technology Risks
 


Friday, October 16, 2020

           

Sessions and Speaker Details

 

AGENDA

The conference will begin at 8:30am and it is recommended to log in to the virtual event at least 10-15 minutes prior.

8:30 – 8:45 AM – Welcome and Opening Remarks, Anthony Cervoni, Chapter President

8:45 – 9:30 AM – Cyber Security Risk Assessments, Nick Barone

9:30 – 9:40 AM – BREAK

9:40 – 10:30 AM – Anatomy of a Data Breach, Sergio Orellana, Redpoint Cybersecurity

10:30 – 11:20 AM – Threat Mitigation – "Left of Boom", David Duncan, Redpoint Cybersecurity

11:20 – 11:30 AM – BREAK

11:30 – 12:20 PM – Data Privacy and Regulatory Guidance, Daniel S. Marvin, Morrison Mahoney, LLP

12:20 – 1:00 PM (Virtual Lunch Break) 

1:00 – 1:50 PM – Transforming Internal Audit through Automation, Russ Safirstein, Anchin Digital Risk Solutions

1:50 – 2:00 PM – BREAK

2:00 – 2:50 PM – Data Intelligence Academy, Edgar Abreu, Synchrony

2:50 – 3:00 PM – BREAK

3:00 – 3:50 PM – Assurance over End User Computing with Python, Charlie Steiz, Synchrony

3:50 – 4:00 PM – BREAK

4:00 – 4:50 PM – Auditing AWS Controls, Corbin Del Carlo, Discover Financial Services

4:50 – 5:00 PM – Conference Wrap Up

 

 

Cyber Security Risk Assessments

Companies near and far need to understand where they stand from a cyber-risk perspective, and many are under regulatory requirements to do so. As Internal Auditors ready their plans for 2021, one of the biggest risks to their organizations is cybersecurity. Nick Barone will explain how important coverage in this area is and will walk through several real-life examples of fully engaged cyber risk assessments.

Nick Barone, Cyber Security Advisor. Nick brings over 25 years’ experience within the Information Security, Audit and Digital Forensics/Incident Response (DFIR) industries to start up or grow existing consulting practices. He has experience as a Computer Forensics court expert, managing complex information risk projects and hundreds of incident/data breach responses as reported in national media. Nick’s experience spans globally across a wide range of industries including financial, retail, health care, energy, manufacturing and education, and also includes working with a number of clients in other security domains on IT Governance Risk and Remediation, IT Audit and Penetration Testing/Vulnerability Assessment assignments. Nick has had various roles with Prager Metis Technology, EisnerAmper, Navigant Consulting, Opera Solutions, Morgan Stanley and PwC.

 

Anatomy of a Data Breach 

We all read and hear about breaches, but do you really understand how the organization was actually attacked? After a breach by cyber criminals or state-sponsored actors, you need a fully vetted plan of action. Sergio Orellana, Director Breach Services Group at Redpoint Cybersecurity, will discuss what you need to know and how your organization should react if hit with a data breach.

  1. Recovery and restoration work 
  2. Incident response triage and forensic investigations
  3. Expert validations and audit compliance standards
  4. Policy and procedures you will need from a regulatory and best practices perspective.  
  5. Sergio will use actual case studies to walk the group through actions taken on the breach, investigation, and forensics.  

Sergio Orellana, Director Breach Services Group, Redpoint Cybersecurity. Sergio Orellana leads Redpoint’s Breach Response Services Group. Sergio started his career when he enlisted in the US Navy back in 2011 with the goal of serving his country. While in the Navy, he spent three years working at NSA/CSS Washington as the Security Health Officer, investigating cases from triage to forensic analysis. He later transferred to San Diego, where he led two defensive cyber operations teams during their carrier deployment, doing afloat network assessments, working hand in hand with actionable intel to improve our network security, and providing remote remediation worldwide. Before joining the Redpoint team, Sergio worked directly for the USDA CIO in their threat intelligence branch, where he developed threat intelligence reports and created a weekly podcast highlighting nation-state cyber threat actors, meant to increase security awareness. Sergio has his BA from the University of Maryland.

Threat Mitigation – “Left of Boom”

How do you stop cyber criminals or state-sponsored actors before a breach materializes? You need to be proactive and vigilant. David Duncan, Director of Threat Mitigation Services at Redpoint Cybersecurity, will discuss how your organization can and should proactively protect its network, IT operations and data. He will cover how to keep your organization secure through a unique approach to target, pursue, and eliminate threats on your network, and explain how his team “Hunts the Hunter”. David will also cover best practices regarding penetration testing and the tactics, techniques and procedures from a threat intelligence perspective.

David Duncan, Director Threat Mitigation Group, Redpoint Cybersecurity. David Duncan leads Redpoint Threat Mitigation Group. He is an inventive and results-driven information security engineer with advanced cyber security education and operational experience in support of the U.S. Government global cyber operations.

David is an accomplished project manager with extensive experience in managing multiple large-scale initiatives and collaborating with various national organizations to reach mission success. In addition to his role at Redpoint, he is also in the US Army Reserve as a Cyber Operations Officer. Prior to joining Redpoint, David was a Cyber Threat Hunter for a DOD contractor, Booz Allen Hamilton, and spent nearly eight years in the US Army. He has a Master's in Cybersecurity from Southern New Hampshire University and his Bachelor's in Criminal Justice from Texas A&M.

 

Data Privacy and Regulatory Guidance

Data Privacy rose to the forefront with the EU’s GDPR regulations. Now states in the US, such as California with the CCPA, are starting to take a similar approach to privacy. Daniel Marvin, Partner with Morrison Mahoney, LLP and leader of their Cybersecurity, Privacy and Data Protection team, will provide an overview of relevant laws and industry standards, and take the group through best practices and what internal auditors and technology professionals need to know about data privacy and breaches, including how important it is to bring in the right legal counsel for privacy and breach matters.

Daniel S. Marvin, Partner, Morrison Mahoney LLP, is a partner in the New York office of Morrison Mahoney and co-leader of the firm’s Cybersecurity, Privacy and Data Protection team, where he provides a range of litigation and advisory services. Daniel’s advisory services include those relating to the development, modification and implementation of written information security plans, employee data security policies, third-party vendor contracts and corporate governance policies, as well as the counseling of clients in all aspects of data breach prevention, detection and mitigation. Daniel also advises clients with respect to compliance with, and regulatory inquiries relating to, international, federal and state privacy and data protection laws including the CCPA, GDPR, GLBA, HIPAA and the N.Y.S. Department of Financial Services cybersecurity regulation. He is a frequent speaker and author on cybersecurity and data privacy topics and trends, as well as a member of both the Rutgers University and Pace University Seidenberg School of Computer Science and Information System’s Cybersecurity Advisory Boards. Daniel served as an Assistant District Attorney in Bronx County, New York, where he gained significant courtroom experience in the Office’s Criminal Court, Grand Jury and Trial Division Bureaus.

 

Transforming Internal Audit through Automation

Even before the COVID pandemic, Internal Audit was going through changes. The acceleration of remote work has sped up the need for continued change within the ranks. Our host, Russell Safirstein, will walk us through the impact to internal audit and how a multi-dimensional audit team can lead the team towards greater automation.

Russell Safirstein. Russell Safirstein is Partner in Charge of Anchin Digital Risk Solutions (ADRS), which delivers and develops risk advisory technology services. Russell is also the President of Redpoint Cybersecurity, Anchin’s Cybersecurity subsidiary. Russell has been successful in bringing non-traditional solutions to an ever-changing work environment by combining audit, accounting, risk, compliance and technology in successful business engagements. He is a proven risk, audit and technology leader with more than 25 years of experience advising clients in a wide range of industries, including financial services, healthcare and management consulting. Russell is a highly regarded and sought-after speaker on issues related to technology, audit and risk practices. Prior to joining the firm, Russell was a leader for two technology-driven consulting firms and was Chief Auditor for nearly 20 years with several leading organizations. He began his career at KPMG and graduated from Adelphi University with a BBA in Accounting. Furthermore, Russell sits on Advisory Boards for Adelphi University and Ithaca College.

 

Data Intelligence Academy

As one of our regular contributors, Edgar Abreu will walk us through how the non-technical auditor can gain skills to perform data analytics. The Data Intelligence Academy is a formal training program developed in-house to upskill our traditional auditors on how to perform data analytics as part of their audit work. The academy also provides basic data analytics training to managers and senior leadership to increase the overall department’s data literacy. 

Edgar Abreu, CPA, CIA, CISA, ACDA. Edgar started his career with Ernst & Young, LLP (EY) and since then has attained over 20 years of experience performing data analytics for audit in various industries. Edgar is a Certified Public Accountant, Certified Internal Auditor, Certified Information Systems Auditor, ACL Certified Data Analyst and is the co-founder and leader of a Data Analytics Peer Group servicing both Westchester County, New York and Fairfield County, Connecticut. Edgar’s focus has predominately been on innovation and automation of audit activities using data analytics. Recently Edgar has been focusing on building data analytics centers of excellence for audit departments and integrating data analytics throughout the audit process. Currently Edgar is VP of Data Analytics at Synchrony, where he developed and leads the Data Analytics Team within Synchrony’s Internal Audit Department. Prior to joining Synchrony, Edgar came to GE Capital in 2011 to build the Data Analytics Team and related process for the Credit Review function.

 

Assurance over End User Computing with Python

Data scientists increasingly turn to Python as their primary tool for data science and machine learning. Python’s utility extends into automation and connectivity as well.  Learn how one Internal Audit department applied Python to audit an End-User Computing (EUC) solution built on Microsoft Excel.  We’ll explore how one team leveraged Python and packages which connect to Excel to audit the accuracy and completeness of data, formulas and references in millions of cells across multiple Excel workbooks.

Charles Steiz, CIA, ACDA, CCSP, AVP Professional Practice Leader – Data Science. Charlie currently enjoys working for the Data Analytics Team of Synchrony’s IA department. He performs data analysis for audits, instructs colleagues in data analytic techniques and contributes to the direction of the IA Data Intelligence Academy. Charlie’s 14 years within Internal Audit include IT & Operations Audit, Professional Practices and Project Management roles for five public companies. His achievements include technology and business transformation projects for the IA teams at Pitney Bowes and GE Capital. His passion for technology drove him to grow his capability to perform data analysis. He’s instructed hundreds of auditors in data analytics training classes.

 

Auditing AWS Controls

During the presentation, we will discuss some of the basics of the AWS environment, and how to implement the necessary controls for AWS deployments in a shared control responsibility environment. We will go over the basic controls for the most popular AWS services and how they can be tested effectively for regulatory oversight.

Corbin Del Carlo. Corbin has worked in information security audit for over 15 years. He started his career as a penetration tester for a national consulting company, working with multiple Financial Institutions to help secure their networks. In the last four years, Corbin has been with Discover Financial Services IA department, currently as Vice President for IT audit. During his time at DFS, Corbin was involved in the pre-implementation work to ensure the DFS AWS installation would be compliant with our regulatory and information security needs. Corbin is also the co-chair of the IIA-ISACA Chicago hacking conference.