Past Meetings

A standardized risk based approach to privacy using ISO27701

Tuesday, February 16, 2021 - 6:00pm

Matthew Corwin

Matthew Corwin

A privacy program in this rapidly evolving regulatory environment must take into account many perspectives, including: an understanding of the current requirements applicable to each business process which involves personal information, the business justifications for the use of that personal information; the way in regulatory requirements translate into technical and process changes, how those changes are best addressed from the application level to the organizational level; future-proofing against changing applications, business needs, and additional regulatory requirements, increased customer and partner expectations, and peer competitor strategies. This program must also be risk based and designed to achieve a viable defensible position in the shortest amount of time, without boiling the ocean, and should include a road map for continuous improvement and recurring risk and privacy assessments.

Cyber Attack Trends and Insider Threats

Tuesday, December 15, 2020 - 6:00pm

Learn what cyber attack trends California is facing and find out from recent FBI cases how insider threats can pose a threat to your organization. The talk will provide insights from cases that display specific methods in which organizations were victims. How it happened, why it happened, who was affected and lessons learned.  On the heals of National Insider Threat Awareness Month in September the latest best practices and resources will also be shared.


 Supervisory Special Agent, Cyber Squad, FBI San Francisco

Supervisory Special Agent, Cyber Squad, FBI San Francisco



Tuesday, November 17, 2020 - 6:00pm

Historically, fraud detection and cybersecurity have been separate disciplines with unique objectives and approaches. But as criminal organizations seek to take advantage of online tools for fraudulent campaigns, they’ve created integrated techniques that encompass elements of both domains. Therefore, professionals charged with defending corporate networks and assets must also come together to defend against these shared adversaries.

Privacy Engineering Demystified: You Too Can Be a Privacy Engineer

Tuesday, October 20, 2020 - 6:00pm

In 2018, GDPR brought data privacy to the forefront. The prior regulation had the impact of “ankle biters” and was often ignored. However, the new version has the potential chomp of a Megalodon for non-compliance. The rapid pace of technology innovation, paired with the maturation of the Internet of Things, digitation/automation efforts along with big/deep data analysis, creates a world where ensuring data privacy seems impossible. Every week there are new reports of data breaches or privacy violations. Two recent examples are Ring Doorbell and Facebook.

Controlled Mayhem With Cloud Native Security Pipelines

Tuesday, September 15, 2020 - 6:00pm

Managing security within a cloud-native development pipeline requires reimagining traditional security rituals. With hybrid and multi-cloud deployments as well as different container runtimes, orchestration platforms, and technology stacks, getting it right requires more than tooling. We must understand how our teams build software and consume telemetry gleaned through operations. Securing the pipeline from developer tools to production infrastructure requires a continuous approach to security, by shifting left and shifting right too.

Building higher confidence in third party cyber risk management

Tuesday, July 21, 2020 - 6:00pm

Kay Naidu

As more organizations have strengthened their cyber risk management, adversaries have shifted focus to third party ecosystems that historically have weaker defenses. To better manage these challenges, Delta Dental of California has built an adaptable third party risk assurance capability. It uses an innovative approach that tailors rigor and frequency of testing based on the impact and nature of each business relationship. It also incorporates threat intelligence to efficiently allocate valuable talent. Join us to learn how to apply these principles within your organization.

Demystify Machine Learning in Cyber Security & Connect the Dots Through Graph ML

Tuesday, June 16, 2020 - 6:00pm

Artificial Intelligence (AI) and Machine Learning (ML) have become the buzz words for Cyber Security. Everyone is talking about them, as if they are magic black boxes. In this talk, we are going to white-box ML to some extent to understand what is possible with the current generalization of technology in particular for the cyber security field. Furthermore, we will dive into one important example, how we can use Graph ML to better “connecting the dots” and to link multiple individual suspicious activities to understand the big picture of attacks.