2017 NSAA IT Conference October 4-6, 2017 Tacoma, Washington SPEAKER BIOGRAPHIES

Transcription

1 2017 NSAA IT Conference October 4-6, 2017 Tacoma, Washington SPEAKER BIOGRAPHIES DAVID ASHLEY, CISA, CISM, CBCP, CHP, CRISC, has served as the director of EDP audit for the state of Mississippi with the Office of the State Auditor for the last four years. David has over 40 years of experience at the domestic and international levels in information technology auditing, operations, applications development, and technical support. In addition, he has been involved in numerous business continuity planning and disaster recovery projects. David graduated from Delta State University with a master of education in 1975 and Millsaps College with a master of business administration in David is a certified information systems auditor, certified information security manager, certified business continuity professional, certified HIPAA professional and is certified in risk and information systems controls. Immediately prior to coming to the State Auditor s Office, David served for over eight years as manager of IT risk and assurance at a CPA firm that was ranked in the Top 50 firms in the United States, where he gained considerable experience in the areas of publicly traded and private entities, governmental entities, healthcare, SAS 70/SSAE 16 (SOC report generation and use), and regulatory compliance. While David enjoys the challenge of auditing agencies with very complex computer systems, he realizes the most satisfaction when helping smaller entities secure their information assets and passing along to both staff and clients the knowledge about business systems, as well as life, that he has gained through his varied experiences. BLAKE BIALKOWSKI, CISA, PMP, is an audit manager with the commonwealth of Virginia s Office of the Auditor of Public Accounts (APA). Blake has worked for the commonwealth for over 13 years, with 11 being at the APA. He has experience performing financial, project management, and information security audits. Blake is currently on the information systems security team that performs information security audits at all public colleges, universities, and agencies in the commonwealth. Blake has a bachelor of science degree in business information technology from Virginia Tech. Blake has a six-year-old daughter, and enjoys spending time outside with her and his wife. Blake is a huge fan of the Virginia Tech Hokies and is unfortunately a Redskins fan. JARED BROWN is a special agent assigned to the FBI Seattle Cyber Task Force. He has worked for the FBI since 2005 in the Seattle and San Francisco field offices. MIKI CESTNIK, CISA, has been working with the Montana State Legislative Audit Division for over four years as an IS auditor. This summer she obtained the certified information security auditor credential. Prior to working in Montana, she was involved with process improvement as a business analyst and merchandise planner for the private sector in Nebraska. Outside of work, she competes in and coaches weightlifting and powerlifting and drives two children around to various activities. JOE CLARK has been with the Washington State Auditor s Office since early He has worked on multiple performance audits, including SAO s 2016 and 2017 IT security performance audits of state agencies. In late 2016, he administered a survey of nearly three dozen Washington state agencies, soliciting feedback on SAO s IT security performance audits and areas for improvement. Joe has a master s degree in public policy and a bachelor s degree in economics from Oregon State University. SCOTT DeVINEY, CPA, has worked for the Office of the Washington State Auditor since He leads the office s technical support team to deliver current audit guidance, training, technical assistance and quality assurance. He also serves on the Financial Management Standards Board of the Association of Government Accountants and both the Peer Review and Audit Standards and Reporting committees of the National State Auditors Association.

2 SHELLY FANSON, CPA, CISA, was appointed as an audit manager in December As an audit manager, Ms. Fanson shares responsibility with the Audit Division administrator for the oversight of information technology audits at all departments and for the oversight of financial and performance audits at the Michigan Department of Agriculture and Rural Development, the Department of Environmental Quality, the Department of Natural Resources, and the Department of Transportation. In addition, Ms. Fanson participates in the formulation of audit policy and the establishment of goals and objectives for improving the effectiveness and efficiency of the Bureau of Audit Operations. She also participates in the presentation of final audit reports to legislative committees and represents the auditor general when consulting with, providing assistance to, or advising officials from other states, the federal government, and professional organizations. Ms. Fanson is a member of the American Institute of Certified Public Accountants and the Information Systems Audit and Control Association. Ms. Fanson is a member of the National State Auditors Association's E-Government Committee. She has a bachelor's degree in accounting from Michigan State University. MIKE FARRAR, CISA, CISM, CGFM, has spent his entire career in roles that focus on public accountability and transparency. Mike worked for 25 years in the New York State Comptroller s Office where he conducted performance audits of New York State agencies and public benefit corporations, and where he was also responsible for ensuring technology resources for the audit unit ran efficiently and were adequately supported. Mike left the Comptroller s Office to join the newly-created New York State Authorities Budget Office in The Authorities Budget Office s primary responsibility is to make public authorities more accountable and transparent, and to ensure public authorities act in the public interest consistent with their intended purpose. Mike is a certified information systems auditor, a certified information security manager, and a certified government financial manager. Mike is also an active member of the Association of Government Accountants and the Information Systems Audit and Control Association, where he is a past president and board member of the Hudson Valley chapter. TERESA FURNISH, CISA, is the IT audit manager at the Oregon Secretary of State s Audits Division. She is a certified information systems auditor and holds degrees in liberal studies, english, accounting, and business management with an option in managing information systems. She has been performing, leading or managing information technology audits at the division since Her work includes multiple reviews of security management and general controls at the state data center and security, application, and general controls reviews at numerous other agencies. GORAN GUSTAVSSON, CISM, CISSP, is an audit director with the commonwealth of Virginia s Auditor of Public Accounts. He has been with the APA since He is also the team leader for the information systems security specialty team, which is responsible for audits of IT systems at state agencies and public institutions of higher education. Goran has a bachelor of science degree in computer science from Virginia Commonwealth University and a master of business administration degree with concentration in information security from James Madison University. Goran is an active pilot and flies Cirrus SR-20/22 aircrafts out of Chesterfield Airport. He lives with his wife and two daughters in Chesterfield County, Virginia. KAREN HELDERMAN, CPA, CISA, PMP, is an audit director with the Office of the Auditor of Public Accounts and has more than 31 years of audit experience. She specializes in managing audits that are highly automated and also serves as a systems development audit director. Since 2003, much of her work has involved following Virginia s activities to consolidate the IT infrastructure, develop project management standards, and replace existing central administrative systems. Karen and her team have made recommendations on these activities and other major systems development initiatives in numerous audit reports. Karen graduated with a bachelor s degree in accounting from Christopher Newport University and holds a master s degree in business administration from Virginia Tech. She currently serves as vice chair of the National State Auditor s Association E-Government Committee.

3 MIKE HJERMSTAD joined the State Auditor s Office in 2014 as an assistant state auditor with the State Technology Audit Team, and is now an assistant audit manager with the Local Information Systems Audit Team. Mike s primary responsibility is to plan and manage SAO s ongoing series of local government cyber security audits, which are performed free to local governments of all sizes and purposes within the State of Washington. In addition, Mike also works on audit strategies and resources related to cybersecurity for use by SAO staff and local governments. Prior to joining the State Auditor s Office, Mike spent over 15 years with the information technology division of PriceWaterhouseCoopers. During that time, Mike developed an extensive knowledge of IT and IT security through practical experience and by observing and providing technical assistance to PwCs IT audit practice. TINA KIM is the deputy comptroller for state government accountability. She previously served as the Office of the New York City Comptroller's deputy comptroller for audit, and the New York State Department of Transportation's director of the Audit and Civil Rights Division as well as the leader of the New York State Economic Recovery and Reinvestment Cabinet's Internal Control and Fraud Prevention Working Group. Ms. Kim is current chair of the Institute of Internal Auditor's Information Technology Guidance Committee and former chair of the IIA s Public Sector Committee as well as the American Institute of Certified Public Accountant's Government Performance and Accountability Committee. Ms. Kim is also a member of the audit committee for the Council of Korean Americans. She is the co-author of numerous articles and other publications on auditing and fraud-related topics. Prior to joining the Department of Transportation, she was the deputy inspector general for audit with the Office of the State Inspector General. Ms. Kim has a master s degree in accounting and information technology and a bachelor's degree in economics. KATHY LOVEJOY, CPA, CISA, is a senior audit manager for the Illinois Office of the Auditor General. Her areas of responsibility include managing financial audits, attestation examinations and information technology reviews of Illinois government agencies. In addition, she is responsible for the state of Illinois Service Organization Engagement. Ms. Lovejoy graduated from the University of Illinois and is a member of the American Institute of Certified Public Accountants and the Information Systems Audit and Control Association. SUNIA LAULILE joined the State Auditor s Office in October 2015 as an information security specialist. Sunia serves as an IT security expert supporting performance audits at the state and local level. He also serves in the State Auditor s Office internal security team for IT security policies and program. In total, Sunia has about two years of service with the state of Washington and 12 years of experience within the IT field. Additionally, Sunia is an actively serving member in the Washington Army National Guard with more than nine years of service. His current assignment is in information technology. RUSS McREE is group program manager of the Blue Team for Microsoft s Windows & Devices Group. He writes toolsmith, a monthly column for information security practitioners, and has written for other publications including Information Security, (IN)SECURE, SysAdmin, and Linux Magazine. Russ has spoken at events such as DEFCON, Derby Con, BlueHat, Black Hat, SANSFIRE, RSA, and is a SANS Internet Storm Center handler. He serves as a joint forces operator and planner on behalf of Washington Military Department s cyber and emergency management missions. Russ advocates for a holistic approach to the practice of information assurance as represented by holisticinfosec.org. HILDA MORGAN, CPA, CISA, CGFM, is an audit coordinator with the Auditor General s Office in the state of Florida. Hilda has 27 years of governmental IT audit experience including conducting application and general controls audits at state agencies, educational entities, and state data centers. Prior to working for the Auditor General s Office, Hilda worked in the private sector concentrating in accounting. Hilda is a certified public accountant, certified information systems auditor, and a certified government financial manager. Hilda received a bachelor of science in accounting and a bachelor of science in finance from the Florida State University.

4 DAVID MORRIS is the chief technology officer for cybersecurity for the state of Washington s Office of Cybersecurity. The Washington State Office of Cybersecurity was created in 2015 in response to everincreasing threats to individual privacy, infrastructure stability, and preserving the continuity of commerce in the event of a cyber-attack. The office is a part of Washington Technology Solutions (WaTech), the state agency responsible for central information technology services and policy for all state agencies. David manages the Computer Emergency Readiness Team, Cyber Threat Intelligence Program, and Digital Forensics Services. These teams provide proactive cyber defense, network assessments and incident response for organizations on the state of Washington government network. This group is comprised of professional cyber incident responders, forensics experts, and code analysts. Together they form a focal point for reporting, containment, and recovery of cyber security incidents. David is a certified security professional with over 15 years of experience as an engineer and technical manager supporting a diverse range of complex network environments for government, private, and non-profit industries. David has a focus in security technologies with specialty and credentialing in digital forensics, ethical hacking and incident response. David s recent efforts are in building out a threat intelligence program for sharing information within a state-level Information Sharing and Analysis Center, or ISAC. This program will provide machine-level information to ISAC members for the immediate strengthening of security defenses across the state of Washington. In March of 2017, David was nominated for the 2017 Governor s Award for Leadership in Management. He has been president of the Rainier chapter of ISSA for the past four years, and is an active member of the Seattle InfraGard Chapter and the High Technology Crime Investigative Association. AMANDA SAYLER is currently serving as an information systems auditor for the Legislative Audit Division in Montana where she provides support to financial compliance as well as conducts various types of information systems audits. She has only been employed with Legislative Audit Division for a little over a year. She previously worked in higher education as a full-time systems analyst in Denver, where she also graduated with a master s degree in public administration. MELISSA A. SCHUILING, CPA, CISA, joined the Michigan Office of the Auditor General in October She was appointed audit division administrator in April Ms. Schuiling is primarily responsible for the oversight of IT audits of general and application controls, as well as performance audits of the Department of Agriculture and Rural Development, Department of Environmental Quality, and Department of Natural Resources. Prior to becoming an audit division administrator, Ms. Schuiling served the OAG as a principal IT audit supervisor and an audit manager. Ms. Schuiling graduated from Ferris State University with bachelor of science degrees in accounting and computer information systems. She is a member of the American Institute of Certified Public Accountants. BRENDA SHINER, CISA, is an audit supervisor with the Auditor General s Office in the state of Florida. Brenda has 11 years of governmental IT audit experience including conducting application and general controls audits at state agencies, educational entities, and state data centers. Prior to working for the Auditor General s Office, Brenda worked as a technology consultant for Arthur Andersen and Andersen Consulting specializing in the design and development of large federal systems. Brenda is a certified information systems auditor and received a bachelor s degree in management information systems from Old Dominion University in Virginia. PAUL UNDERWOOD is currently the chief operating officer and former head of the Incident Response Program at Emagined Security. Mr. Underwood was an executive information security consultant and CISO for several companies over the last 27 years. Mr. Underwood s extensive experience in information security at both the technical and management levels has led him to teach security courseware in over 60 countries around the world. Mr. Underwood has extensive experience in running the day-to-day operations of information security practice in several security engineering disciplines including incident response, compliance programs, architecture design, application and platform controls, penetration testing, and network and physical security.

5 Emagined Security was founded to provide executive level security consulting services to Fortune 100 companies enabling a secure working environment with reduced risk. As the COO of Emagined Security, Mr. Underwood provides executive advising services to Fortune 100 CISOs guiding them through challenges in information security and compliance. Emagined Security s commercial clients cover a wide range of global organizations, including the financial, energy, healthcare, high tech, manufacturing, and insurance industries. His executive level experience enables the ability to help corporations make responsible decisions that drive company needs and balance security to ensure a symbiotic relationship between security and profitability.