Training Session Announcement

We are thrilled to announce the last track in our full-day training sessions being held on October 31, 2018. We are excited to have Sandy Fadale, a veteran ISACA CRISC, CGEIT and CISM certification instructor, teaching the course “Governance leading practices – How to set up governance in your organization.”

IT governance provides a structure for aligning IT strategy with business strategy. By following a formal framework, organizations can produce measurable results toward achieving strategies and goals. A formal program also takes stakeholders’ interests into account, as well as the needs of staff and the processes they follow. In the big picture, IT governance is an integral part of overall enterprise governance. IT governance and GRC are practically the same thing. GRC is the parent program; what determines which framework is used is often the placement of the CISO and the scope of the security program.

Organizations today are subject to many regulations governing the protection of confidential information, financial accountability, data retention and disaster recovery, among others. They’re also under pressure from shareholders, stakeholders and customers. To ensure they meet internal and external requirements, many organizations implement a formal IT governance program that provides a framework of best practices and controls. Both public- and private-sector organizations need a way to ensure that their IT functions support business strategies and objectives. And a formal IT governance program should be on the radar of any organization in any industry that needs to comply with regulations related to financial and technological accountability.

In this day-long course, you will learn about:

  • Frameworks for Governance – Ensure the definition, establishment and management of a framework for the Governance of Enterprise IT in alignment with the mission, vision, and values of the organization.
  • Strategic Management – Ensure that IT enables and supports the achievement of enterprise objectives through the integration and alignment of IT strategic plans with enterprise strategic plans.
  • Benefits Realization – Ensure that information technology (IT)-enabled investments are managed to deliver optimized business benefits, that benefit realization outcome and performance measures are established and evaluated, and that progress is reported to key stakeholders.
  • Risk Optimization – Ensure that an IT risk management framework exists to identify, analyze, mitigate, manage, monitor, and communicate IT-related business risk, and that the framework for IT risk management is in alignment with the enterprise risk management (ERM) framework.
  • Resource Optimization – Ensure the optimization of IT resources, including information, services, infrastructure, applications, and people, to support the achievement of enterprise objectives.

Sandy Fadale, CISM, CGEIT, CRISC, CISA, CBCP, I.S.P., is a solutions-oriented Global IT Risk, Security, Policy and Compliance Senior Leader with notable success directing a broad range of corporate security initiatives while participating in the planning and implementation of information security, governance, risk and compliance management solutions in direct support of business objectives for Mariner Security Solutions, a division under Mariner Partners.

Announcing our Latest Keynote – Dr. Lisa Bradley


Dr. Lisa Bradley is currently the Senior Program Manager for NVIDIA’s Product Security Incident Response Team (PSIRT). Her responsibilities include the management and resolution of product security vulnerabilities involving all NVIDIA products. She has 5+ years of experience leading PSIRT programs, having previously worked at IBM for 17 years. Lisa has served as a spokeswoman for many tech-related events, including the 2016-2018 FIRST PSIRT Technical Colloquium, the 2017 FIRST Annual Conference, and the Security Journey White Belt modules, and has helped develop the FIRST PSIRT Services Framework and Training Videos. Lisa received her BA degree in both Mathematics and Computer Science from SUNY Geneseo. She also has a Master’s and PhD in Applied Mathematics from NC State University. Outside of her role with NVIDIA, Lisa has been an adjunct professor at local universities for the past 12 years.

Training Session Announcement

We are pleased to announce that Peter Morin will be delivering a full-day training session entitled “Human Security – Understanding Behavior and Building Successful Programs to Protect Your Organization.”

During this one-day workshop, we will look at security as it relates to human behavior and at how to build successful programs to protect your organization. The session will include the following:

  • An overview of key trends related to the top human risks
  • Methods used by attackers to target employees
  • Phishing – how to implement a phishing awareness program, including live demos of tools and techniques, and how to measure effectiveness
  • Social engineering – methods used by attackers to take advantage of human behavior, and how to test your employees
  • Insider threats – understanding the key indicators of a potential insider-based attack on your organization’s assets

Peter is a Director in KPMG’s Risk Consulting – Cyber Security practice in Canada. He is a senior cyber security professional with over 20 years of experience focusing on information security risk management, penetration testing, cyber threat incident response, malware analysis, and computer forensics. Peter has worked in senior positions for a number of organizations, including a national telecommunications and media company, a Fortune 500 cloud-computing company, a recognized cyber security software company and, most recently, a major US defense contractor.