March 17, 2021 CPE Event

Topic: Auditing and Access Reviews in the Cloud Age, Then and Now

Join us for this presentation by Garret F. Grajek, CEO, YouAttest

Time and Location: March 17th, via Zoom Meeting 12:00-1:00pm

Click here to RSVP.  Please Note:  Zoom information and a Calendar Event will be sent in the RSVP Confirmation Email.

Garret Grajek, CEH, CISSP,  is a credential security professional who has 25+ years of IT Security product creation. He has 15 U.S. patents for information security products (focus: Application SSO, 2FA, Identity Assurance, Continuous Authentication, AI and Blockchain).

Garret has specialized in creating and promoting IT security products  for markets in the Financial, Health Care, Federal, State, Education  and other regulated arenas – having worked in product creation/deployment at companies like IBM, RSA, Cisco and starting his own 2-Factor Authentication firm: SecureAuth.

Products Garret has created resulted in multiple awards, Gartner ranking, and sold to over 500 customers resulting in $80M+ in revenue and sold for over $200M.

February 17, 2021 CPE Event

TopicA Pandemic Resistant Framework for Innovation

Join us for this presentation by Reid Stephan, VP, Chief Information Officer, St. Luke’s Health System

Time and Location: February 17th, via Zoom Meeting 12:00-1:00pm

Presentation Summary:  Innovation is one of the most frequently used words in business today, which has caused it to become outgrown as a concept and functionally not very useful. This has created an environment where it is possible to discuss innovation with a colleague and unknowingly have a conversation that is singular in intent, but entirely separate in terms of assumptions and understanding. Within the St. Luke’s Integrated Health Technologies (IHT) department, we have been working on establishing a framework for innovation with the goal of defining a common language and standardized approach to make innovation as accessible and repeatable as possible. The intent is to have a framework that will enable demand-side driven innovation rather than supply-side driven efforts that often result in waste. The framework strives to put the consumer at the center and is built on three core principles – empathy, curiosity, and rapid experimentation.

Reid Stephan is the VP, Chief Information Officer at St. Luke’s Health System. St. Luke’s is the  only Idaho-based, not-for-profit health system, with 9 hospitals and 200+ clinics serving the  needs of communities across Southwest Idaho. He has over 20 years of experience in the  technology space, including serving as St. Luke’s Chief Information Security Officer prior to his  current role, and 9 years leading HP’s global corporate IT security incident response program.

He has a Bachelor of Management Information Systems from the University of Idaho and an  MBA, Technology Management from the University of Phoenix. He is a HealthCare Information  Security and Privacy Practitioner (HCISPP) and a College of Healthcare Information  Management Executives (CHiME) Certified Healthcare CIO.

January 27, 2021 CPE Event

Please note . . . . this CPE Event has been rescheduled to January 27th . . . Sorry for any inconvenience this might have caused.  If you have already RSVP to the event, you do not need to send another RSVP.

TopicCybersecurity in Idaho

Join us for this presentation by Keith Tresh, Chief Information Security Officer at The State of Idaho

Time and Location: January 27th, via Zoom Meeting 12:00-1:00pm

Presentation Summary:  What is Idaho doing to promote cybersecurity to county and local government entities, education, schools, businesses, individuals, etc?

Keith Tresh, Chief Information Security Officer at The State of Idaho

As the State of Idaho CISO, I oversee the Information Security program for all Idaho State network systems including the management of Information Security implications within the Enterprise organization and programs. My other areas of responsibility include Cyber-specific strategic planning, workforce development, infrastructure protection, Information Security requirements and policy enforcement, emergency/disaster recovery planning and Cybersecurity education and awareness,

ISACA Boise Toys for Tots Giving

Please join the ISACA Boise chapter in our support of Toys for Tots.

ISACA Boise has given a cash donation of $500 to the Boise Toys for Tots Campaign and we are challenging all ISACA Boise members to donate an amount of your choosing to this worthwhile cause.

If you drop us a line (, we will post the names and businesses who have stepped up to the challenge to provide happiness and hope to less fortunate children by distributing toys, books, and other gifts collected by the Treasure Valley community.  Be sure to include how you would like your giving to be referenced.  (Name – (Business Name (opt))

ISACA Boise Chapter Member Giving Record

  1. ISACA Boise Chapter
  2. Dennis McLaughlin / Lamb Weston Pay it Forward Campaign
  3. Brian Tanner



December 16, 2020 CPE Event

Due to unforeseeable circumstances, we unfortunately need to cancel the CPE Event scheduled for Wednesday, December 16th, 2020.  We are on target to hold our CPE event in January.

TopicTop 10 Things They Hate about Us:  Avoiding the Security Traps in an IACS Assessment

Join us for this presentation by Bri Rolston, Chief Research & Security Geek, GkJuju Security & Consulting Services

Time and Location: December 16th, via Zoom Meeting 12:00-1:00pm

Please Note:  Zoom information will be sent in the RSVP Confirmation Email.

In keeping with our annual tradition, click below to assist ISACA Boise’s Virtual support of Toys for Tots.

 ISACA Boise Toys for Tots Giving

Presentation Summary:  In 20 years of IACS security work, I have yet to meet an engineering or process control team that doesn’t have a Top 10 Hate List for the security team.  10-20 security controls repeatedly cause more damage than they prevent if not rolled out in a thoughtful, methodical way to IACS networks.  

How can cyber security risk management efforts be considered effective if they CAUSE the impact we were hoping to avoid?  Why is it so hard for engineering and control system teams to fight the obvious and get IT and cyber security groups to pay attention?    

We’ll cover the basics of Industrial and Automation Control Systems (IACS) and why they differ so greatly from corporate IT environments.  Then, we’ll discuss how to secure them appropriately and balance functional vs technical security risk.  We’ll actually walk through a common Life Cycle Management (LCM) problem and do a technical risk analysis of it.

Bri Rolston, Chief Research & Security Geek, GkJuju Security & Consulting Services.  

By day, this mild-mannered <insert sarcastic disbelief here> geek works at Idaho National Laboratory  and specializes in defensive, security engineering research and threat response. She has more than 25 years’ experience in telecommunications, Information Technology (IT), Industrial Automation & Control  Systems (IACS)/Operational Technology (OT) security research as well as a wide range of operational  security experience including incident response, threat management, risk analysis & remediation,  vulnerability management, secure code development, cloud security, and IACS security program  development. She has trained a number of IACS incident response teams including DHS CIRT in 2005,  contributed to IACS and OT security standards development for DHS, DOE, NIST, and ISA/IEC, run a  number of incident response efforts for nation-state attacks (Google Aurora 2010), and has a patent for  efficient attack path selection and risk analysis.  

By night, the geek side REALLY comes out. She spends more time than she should considering deeply geekly ideas as part of the global research community, helps organize conferences such as BSides IF,  volunteers at small community groups, and vacations at different security cons. During this time, she follows the darker path of threat research–fingerprinting attack teams, examining the halo effects in  exploit development, and identifying 2nd-payload in IACS/OT attacks. Sometimes, she even plots world  domination and may plan to take over the world using a IIoT tractor SDRs, cell-towers, drones, and  satellites . <Cue evil laugh>