ISSA Los Angeles

You must register to attend: https://www.eventbrite.com/e/zero-days-sleepless-nights-tickets-1976484733042

### Topic One: Zero Days & Sleepless Nights

A recap of the top campaigns and threat actors for 2025 plus early insights on what 2026 has in store for us.

Speaker One: Sandra Borneman-Wenzel

Sandra Borneman-Wenzel is a Principal Security Architect at Google, with nearly two decades of hands-on experience in information technology and network security. Her expertise spans cloud security, cyber threat intelligence, and developing security strategies for global enterprises. She has previously held key roles at leading companies, including Mandiant and Palo Alto Networks. She has a background in global financial services and military intelligence.

### Capture the Flag Exercise

Bring a laptop to participate and win swag!

Ctrl.Alt.Defeat is a hands-on, gamified cyber range designed by Foresite and powered by Google SecOps. It's a live, guided experience based on actual threats.

Learning Objectives:

1. Master Threat Investigation: Learn to query and correlate normalized security telemetry using the Unified Data Model (UDM).
2. Accelerate Response: Practice using GenAI and SOAR automation to drastically reduce Mean Time to Detect/Respond (MTTD/MTTR).
3. Operationalize SecOps: See how cloud-native security platforms are tuned and configured in enterprise environments.

Experience how AI, automation, and collaboration redefine modern security operations. More information at https://info.foresite.com/ctrlaltdefeat

You must register to attend: https://www.eventbrite.com/e/prepared-tested-compliant-the-modern-incident-response-strategy-tickets-1977194947312

#### Meeting location will be announced soon.

#### Topic One: Navigating the Global GRC Tsunami and the New Reality of AI Governance in 2026

The GRC landscape is no longer driven by voluntary standards; it is now being defined by mandatory, prescriptive regulations (DORA, NIS2, SEC Rules) that prioritize operational resilience and board-level accountability. Simultaneously, the rapid deployment of Generative AI is creating profound, unmanaged risks that traditional GRC frameworks are ill-equipped to handle. This session will provide cybersecurity professionals with an actionable blueprint for integrating operational resilience into their core GRC structure and establishing measurable, future-proof AI governance models for 2026 and beyond.

Key Learning Objectives & Discussion Points:

1. From Compliance to Resilience: Understanding the shift mandated by regulations like the EU's Digital Operational Resilience Act (DORA) and NIS2, and how to prove operational continuity to regulators, rather than just checking boxes.
2. AI Governance as the Next GRC Frontier: How to implement organizational controls (NIST AI RMF, EU AI Act principles) over the use, development, and data security risks associated with internal and third-party Agentic AI and Large Language Models (LLMs).
3. Accountability and Auditability: Strategies for quantifying AI risk (Model Risk Management) and establishing audit trails that satisfy regulators regarding the responsible use of high-risk AI systems.
4. The New Boardroom Mandate: Reviewing the impact of the US SEC Cybersecurity Disclosure Rules and CISA's CIRCIA on C-suite liability and mandatory incident reporting timelines, and what GRC teams must prepare for immediately.
5. Scaling GRC with Automation: Practical examples of leveraging integrated GRC platforms to harmonize controls across multiple frameworks (e.g., ISO 27001:2022, SOC 2, HIPAA) to meet the dramatically increased volume of global regulatory requirements.

#### Speaker One: Alfred Ayala

Alfred is currently the GRC Chief at Longship International. He has created innovative, defensible, and purpose-engineered programs to protect banking, financial, technology, as well as the data infrastructures for $70M start-ups to $2.5T fortune-100 businesses.

His previous roles include Global Privacy Risk Compliance Manager for Meta, Chief Compliance Officer, SVP of Nano Banc, and Senior Compliance Officer, VP at MUFG. He holds CISM, CAMLS, CFLI, NMLS, and CIPP/US certifications. Alfred serves on many Boards, including EBPA and CSU-San Bernardino.

#### Topic Two: Prepared / Tested / Compliant: The Modern Incident Response Strategy

In today’s threat landscape, a structured Incident Response Plan (IRP) is not just a compliance checkbox—it’s a cornerstone of organizational resilience. We’ll explore the critical role of IR planning in safeguarding your data and meeting regulatory obligations under the NIST 800-171 framework. You’ll gain a high-level view of IRP components, including preparation, detection, containment, recovery, and post-incident analysis. We’ll also discuss the importance of tabletop exercises as a practical method to validate the IRP, uncover gaps, and strengthen coordination between departments. Hear how to integrate compliance requirements with operational readiness, ensuring a calm, rapid, and effective response to cyber incidents.

#### Speaker Two: Eddie Darmawan

Since 1997, Eddie has combined his passion for technology with his belief that small and mid-sized businesses are the backbone of America. His career has spanned pivotal moments in technology—from helping migrate Los Angeles courthouses during Y2K, to weathering the dot-com bubble with one of the first free internet service providers (ISPs), to supporting a national bank through the financial crisis.

Through D1 Defend, an IT managed security service provider based in Ontario, California, Eddie helps businesses simplify the complexities of IT and Cybersecurity. Eddie serves on the Board of Putera Indonesia Sejahtera, a nonprofit in Jakarta, Indonesia, dedicated to creating educational opportunities for underserved communities.

You must register to attend: https://www.eventbrite.com/e/building-future-cybersecurity-leaders-today-tickets-1977659979235

### Topic One: Building Future Cybersecurity Leaders Today

Organizations across all industries eventually reach a critical juncture: the realization that relying on luck is no longer sufficient to protect their vital information and systems. At this point, they must choose a path forward—whether to hire seasoned professionals, develop talent internally, or outsource to trusted experts.

Given the current shortage of cybersecurity professionals and the urgent demand for skilled talent, how can organizations accurately assess the experience of potential candidates? More importantly, how can established professionals ensure their teams are set up for long-term success?

This session will share key observations and foster discussion about the career development strategies necessary to achieve excellence in cybersecurity leadership. We will also explore the distinction between leaders and managers, and why cultivating leadership qualities in yourself and those you mentor is essential.

You will learn how to:

• Identify the stages of cybersecurity talent development
• Recognize and address gaps in team growth
• Communicate to management the value of nurturing cybersecurity leadership organically

When executed effectively, developing future cybersecurity leaders will position your organization for sustained success and create pathways for talent development that extend beyond your company, driving positive change throughout the profession.

Speaker One: Frederick Beck

Frederick Beck is a retired Air Force Major with 22 years of service and a former Director of Cybersecurity Infrastructure Services and Operations. With over 34 years of experience in IT, cybersecurity, and leadership, Fred has held numerous key positions, including Section Chief for Defensive Counter-Information Warfare, Deputy Flight Commander for Network Operations and Security at the US Air Force Academy, Test Director for RQ-4 Global Hawk Operational Test and Evaluation, and Section Manager for Global Cyber Security Operations and Infrastructure at NASA’s Jet Propulsion Lab.