December 18, 2019 CPE Luncheon

Topic:  DevSecOps: Bringing the Security –The Missing Link in Delivering on the Promise of Business Velocity and Quality to DevOps

Toys-4-Tots Donation Opportunity

Join us for this presentation by Robert Clyde – Immediate Past Chair of ISACA International’s Board of Directors

Time and Location: December 18th, at Albertsons HQ, 250 E Parkcenter Blvd @ 11:30 AM to 1:30 PM. (1.5 CPE will be given for this meeting)

RVSP link to be posted at a later date…

Presentation Summary:  There is one constant in all our lives – change! Change is accelerating driven by disruptive technologies which are fueling innovative business models across every vertical from Banking to public services. To succeed with Innovation at speed, IT organizations must accelerate their release velocity – and do it with greater quality, security, assurance, and availability! Enter DevOps!

For most organizations, the transition to DevOps starts small, in a single team or a new project with cobbled together open source solutions, with security often an afterthought. To scale effectively, deploying daily or hourly or even more frequently, requires organizations treat security and audit as a first-class citizen – engaged in all aspects of the development and deployment lifecycle. Rob will share market trends, tips and techniques to incorporate audit and security needs into the complete DevOps lifecycle – delivering DevSecOps.

 After completing this session, you will be able to:

  • Explain the core DevOps and DevSecOps principles
  • Understand your role in DevOps and how to move to DevSecOps
  • Identify the key components of DevSecOps
  • Analyze select the appropriate audit and security techniques to incorporate into the DevSecOps processes and methodology

Robert A. Clyde is the immediate past chair of ISACA’s board of directors, independent board director for Titus, and executive chair of the board of directors for White Cloud Security. He serves as an executive advisor to BullGuard Software. Previously, he was CEO of Adaptive Computing, CTO at Symantec and a co-founder of Axent Technologies and Clyde Digital.

Rob Clyde

2019 Ethics Seminar (Partnered between ISACA and IIA)

2019 Ethics Seminar Topic:   Warning, AI is Watching!

Join us for this presentation by Dr. Brian Steverson – Gonzaga University

Time and Location: December 10th, at Albertsons HQ, 250 E Parkcenter Blvd @ 2:00 – 4:00 PM (Please park in a non-reserved parking space. Meet in the lobby at 1:45pm for security check-in.)

ISACA/IIA Member: $35
Students or ISACA / IIA Retirees: $10
Non-Members: $50

Click here to RVSP.

Warning, AI is Watching!
Auditing, financial reviews and fraud investigations involve the gathering, generation, and analysis of information. Modern information technologies, like data mining algorithms and artificial intelligence driven data analytics, will increasingly become necessary tools for auditors, fraud examiners, as well as other financial personnel. In this session we will discuss some of the ethical concerns that arise in the use of such information technologies as integral pieces in successful use of the data.

Dr. Brian K. Steverson is the John L. Aram Chair of Business Ethics in the School of Business Administration at Gonzaga University. Prior to assuming the Aram Chair, in 2008, he was a member of the Philosophy Department since 1992. He received his Ph.D. from Tulane University in 1991. He served as Faculty President at Gonzaga from 2014-2018. He was also a Faculty Regent from 2015-2018. His main areas of current scholarship are business ethics, professional ethics, and the ethics of entrepreneurship. His work has appeared in Environmental Ethics, the Online Journal of Ethics, Topics in Contemporary Philosophy, the Business and Professional Ethics Journal, the Journal of Ethics & Entrepreneurship, and the Journal of Jesuit Business Education. His The Ethics of Employment Screening for Psychopathy is in press with Lexington books. He is currently working on another book, An Ethics Primer for Fraud Examiners. He is also doing research with a colleague on entrepreneurs as agents of normative social change.

November 20, 2019 CPE Luncheon

Topic: Bridging the Gap Between IT and the Business

Join us for this presentation by Bill Spoehr – Albertsons Companies

Time and Location: November 20th, at Boise Plaza, 1111 West Jefferson @ 11:30 AM to 1:00 PM.

Click here to RSVP.

Presentation Summary:

ISACA and Protiviti have recently partnered to discuss tech partnerships, talent and transformation and said the following, “Organizations worldwide are focused on transformation. Some, in fact, can find themselves in a determined rush to automate, become more digital and bring in the latest advanced technologies. It is in these instances where IT audit can deliver value by providing a clear point of view on the underlying processes strategic technology projects are serving and by partnering effectively with the IT organization to ensure that these projects achieve their objectives, not only in terms of performance, but also in terms of appropriate controls. In the process, IT audit must have an agile, “next-gen” mindset and approach.”

Bill will discuss the challenges in achieving these goals in our November CPE event.


As Chief Audit Executive responsible for all Internal Audit activities, Bill oversees a 25 person department based in 3 locations in the USA. Bill and his team report to the Audit Committee of the Board of Directors and execute a risk-based, rolling audit plan focused on business strategic risks and opportunities across IT (major initiatives include: cybersecurity, infrastruture, governance and risk, and IT operations), SOX compliance, supply chain and manufacturing, regulatory compliance, and various corporate functions.

Albertsons Companies is a leading food and drug retailer, headquartered in Boise, Idaho. One of the largest private companies in the United States with annual revenues of over $60 billion, the company operates stores across 35 states and the District of Columbia under 18 well-known banners including Safeway, Albertsons, Vons, Jewel-Osco, Shaw’s, Acme, Tom Thumb, Randalls, United Supermarkets, Pavilions, Star Market and Carrs.

Bill has extensive experience in financial and operational auditing and operations, and has developed and integrated corporate and operational teams in SEC accounting and reporting, GRC program development, and internal and external auditing.

Specialties: Auditing, Financial and IT GCC controls design and review, GRC matters, SEC reporting, Retail accounting and processes GAAP accounting compliance

October 16, 2019 CPE Luncheon

Topic:  Incident Response/Data Integrity

Join us for this presentation by Diego Curt, Chief Compliance Officer, Idaho Government.

Time and Location: October 16th, at Boise Plaza, 1111 West Jefferson @ 11:30 AM to 1:00 PM.

Summary:  How prepared are you in handling a major cyber incident? Have you setup your Cyber Incident Response capability for continuous improvement? When the cyber incident is over, can you produce metrics to help you improve your defenses? The State of Idaho recently overhauled their Incident Response capability to answer these questions and more. For many organizations, a cyber incident response capability is more reactionary than proactive in nature. In this presentation, you will learn how to apply NIST SP 800-53 Incident Response Controls in a practical way. How to utilize event recording and information sharing languages to derive meaningful metrics, and what the State of Idaho did to make it accessible throughout our great State.

Prior to June 2019, Diego was the State of Idaho’s Deputy Chief Information Security Officer and did more than set state-wide policy and direction to protect information system assets.  Using his more than 7 years IT Auditing and Performance Improvement experience within his 25-year IT career, he determined to apply and combine his unique education and experience in cybersecurity to simplify the implementation of major control frameworks such as NIST SP 800-53. Diego and a team of state agency personnel developed the State of Idaho’s first state-wide Incident Response capability based on best-practices. Diego is married to his best friend Dina and has three children all over 18 years of age. Diego is a U.S. Coast Guard veteran and loves to go out for a ride on his Harley when he can get the chance.