
What we’re about
Information Systems Security Association (ISSA) is a not-for-profit, international professional organization of information security professionals and practitioners. It was founded in 1984 by Sandra M. Lambert and Nancy King (although work on its establishment started in 1982). ISSA promotes the sharing of information security management practices through educational forums, publications and networking opportunities among security professionals. ISSA is present in more than one hundred countries, including in Europe and Asia, with more than 10,000 members.
As the founding chapter of ISSA, ISSA Los Angeles (ISSA-LA) has become the premier catalyst and community resource in Southern California for improving the practice of information security. The Chapter provides various training classes and lectures for information security and IT professionals throughout the year and at the annual Summit. We accomplish this by providing:
- Education, networking and support to information security practitioners
- IT practitioners with information security responsibilities
- Information security vendors
- Outreach, advocacy and education to the broader Los Angeles community
ISSA-LA meets monthly for lunch and dinner and regularly collaborates with other IT and InfoSec organizations, having joint meetings with ISACA, OWASP, the Cloud Security Alliance, HTCIA, and the Association of IT Professionals to name a few.
Upcoming events

2025 Holiday Meeting with ISSA-LA, AITP LA, CSA LA, CSA OC, WSC, and WITI
Culver City Senior Center, 4095 Overland Ave., Culver City, CA, US
You must register and pay to attend: https://www.eventbrite.com/e/2025-holiday-meeting-with-issa-la-aitp-la-wsc-and-witi-tickets-1964596511050
Come and network with your friends, make new friends, and hear a great talk by a survivor of the US Airways jet that Captain Sully crash-landed in the Hudson River in New York City. There will be cybersecurity games, a buffet dinner, drinks, and dessert.
Josh Peltz is a successful cybersecurity executive with 20+ years of experience in emerging and disruptive technology solutions in cybersecurity, data and analytics and AI/ML. He's held security leadership positions at Duo Security, Cisco, ArmorCode, and currently is the VP of the West for Zero Networks.
Josh has a unique distinction of having been on the “Miracle on the Hudson” Flight 1549 piloted by Captain "Sully" Sullenberger, opening an emergency exit door and helping his fellow passengers to safety. He's been highlighted on CNN, The LA Times, The New York Times, NY Post, The Guardian UK and has appeared on The Dr. Phil show, The Oprah Winfrey show, and dozens of podcasts and keynotes in the years since. Josh will share some of the events before, during and after the Miracle on the Hudson and has an engaging way of relating these experiences and lessons to what CISOs and Cybersecurity professionals contend with during critical incident responses.
11 attendees
Zero Days & Sleepless Nights
Location not specified yet
You must register to attend: https://www.eventbrite.com/e/zero-days-sleepless-nights-tickets-1976484733042
### Topic One: Zero Days & Sleepless Nights
A recap of the top campaigns and threat actors for 2025 plus early insights on what 2026 has in store for us.
Speaker One: Sandra Borneman-Wenzel
Sandra Borneman-Wenzel is a Principal Security Architect at Google, with nearly two decades of hands-on experience in information technology and network security. Her expertise spans cloud security, cyber threat intelligence, and developing security strategies for global enterprises. She has previously held key roles at leading companies, including Mandiant and Palo Alto Networks. She has a background in global financial services and military intelligence.
### Capture the Flag Exercise
Bring a laptop to participate and win swag!
Ctrl.Alt.Defeat is a hands-on, gamified cyber range designed by Foresite and powered by Google SecOps. Step into the role of a Security Analyst, Engineer, or SOC Leader — and experience how AI, automation, and collaboration redefine modern security operations. More information at https://info.foresite.com/ctrlaltdefeat
5 attendees
Prepared / Tested / Compliant: The Modern Incident Response Strategy
Location not specified yet
You must register to attend: https://www.eventbrite.com/e/prepared-tested-compliant-the-modern-incident-response-strategy-tickets-1977194947312
#### Meeting location will be announced soon.
#### Topic One: Prepared / Tested / Compliant: The Modern Incident Response Strategy
In today’s threat landscape, a structured Incident Response Plan (IRP) is not just a compliance checkbox—it’s a cornerstone of organizational resilience. We’ll explore the critical role of IR planning in safeguarding your data and meeting regulatory obligations under the NIST 800-171 framework. You’ll gain a high-level view of IRP components, including preparation, detection, containment, recovery, and post-incident analysis. We’ll also discuss the importance of tabletop exercises as a practical method to validate the IRP, uncover gaps, and strengthen coordination between departments. Hear how to integrate compliance requirements with operational readiness, ensuring a calm, rapid, and effective response to cyber incidents.
#### Speaker One: Eddie Darmawan
Since 1997, Eddie has combined his passion for technology with his belief that small and mid-sized businesses are the backbone of America. His career has spanned pivotal moments in technology—from helping migrate Los Angeles courthouses during Y2K, to weathering the dot-com bubble with one of the first free internet service providers (ISPs), to supporting a national bank through the financial crisis.
Through D1 Defend, an IT managed security service provider based in Ontario, California, Eddie helps businesses simplify the complexities of IT and Cybersecurity. Eddie serves on the Board of Putera Indonesia Sejahtera, a nonprofit in Jakarta, Indonesia, dedicated to creating educational opportunities for underserved communities.
#### Topic Two: Navigating the Global GRC Tsunami and the New Reality of AI Governance in 2026
The GRC landscape is no longer driven by voluntary standards; it is now being defined by mandatory, prescriptive regulations (DORA, NIS2, SEC Rules) that prioritize operational resilience and board-level accountability. Simultaneously, the rapid deployment of Generative AI is creating profound, unmanaged risks that traditional GRC frameworks are ill-equipped to handle. This session will provide cybersecurity professionals with an actionable blueprint for integrating operational resilience into their core GRC structure and establishing measurable, future-proof AI governance models for 2026 and beyond.
Key Learning Objectives & Discussion Points:
- From Compliance to Resilience: Understanding the shift mandated by regulations like the EU's Digital Operational Resilience Act (DORA) and NIS2, and how to prove operational continuity to regulators, rather than just checking boxes.
- AI Governance as the Next GRC Frontier: How to implement organizational controls (NIST AI RMF, EU AI Act principles) over the use, development, and data security risks associated with internal and third-party Agentic AI and Large Language Models (LLMs).
- Accountability and Auditability: Strategies for quantifying AI risk (Model Risk Management) and establishing audit trails that satisfy regulators regarding the responsible use of high-risk AI systems.
- The New Boardroom Mandate: Reviewing the impact of the US SEC Cybersecurity Disclosure Rules and CISA's CIRCIA on C-suite liability and mandatory incident reporting timelines, and what GRC teams must prepare for immediately.
- Scaling GRC with Automation: Practical examples of leveraging integrated GRC platforms to harmonize controls across multiple frameworks (e.g., ISO 27001:2022, SOC 2, HIPAA) to meet the dramatically increased volume of global regulatory requirements.
#### Speaker Two: Alfred Ayala
Alfred is currently the GRC Chief at Longship International. He has created innovative, defensible, and purpose-engineered programs to protect banking, financial, technology, as well as the data infrastructures for $70M start-ups to $2.5T Fortune 100 businesses.
His previous roles include Global Privacy Risk Compliance Manager for Meta, Chief Compliance Officer, SVP of Nano Banc, and Senior Compliance Officer, VP at MUFG. He holds CISM, CAMLS, CFLI, NMLS, and CIPP/US certifications. Alfred serves on many Boards, including EBPA and CSU-San Bernardino.
5 attendees
