
MONTHLY MEETING TOPIC AND SPEAKERS
(Meeting Date: March 20, 2008)

"Efficient approach to PCI Compliance - Leveraging existing compliance efforts" - (Panel Discussion)

Moderated by Brian Bertacini

Panelists:
Andy Steingruebl - Information Security, PayPal
Jim Trovato - Director, Information Security, Intuit
Kieran Norton - Senior Manager, Deloitte & Touche
Andrew Luca - Director, PwC
Burak Yenier - Director, IT Operations, CashEdge

Understanding the Payment Card Industry, the Data Security Standard, and how to reduce your compliance efforts. Identify the main players and the main terms and topics in this space.
By attending this panel discussion you will learn:
  • The history, purpose, and intent of the PCI DSS
  • What is involved in compliance (and what the relative deadlines are)
  • How to begin preparing for a PCI self-assessment or Report on Compliance
  • How to articulate the goals of compliance with the standard's Safe Harbor goal
  • The impacts of non-compliance
  • The most cost-effective way to meet the PCI requirements
Brian Bertacini, CEO, co-founded AppSec Consulting in 2005 and oversees all company operations. The company is headquartered in Santa Clara, California, and is a leading provider of application security services and training to Fortune 500 clients. Mr. Bertacini is a member of ISSA and ISACA, and has over 15 years of experience in software development and IT security, fulfilling various roles at IBM, Varian and Fujitsu. Mr. Bertacini is the founding member of the Silicon Valley OWASP chapter, and oversees operations at AppSec Consulting to ensure customers can deliver secure e-business services with confidence.
Andy Steingruebl is a member of PayPal’s Information Risk Management team, where he heads up their secure development program. Andy has more than 15 years of experience in IT Risk Management and Information Security in a multitude of highly regulated environments including financial services and healthcare. His professional background includes security management at a mid-sized software company, the pharmaceutical division of a large healthcare company, and at a research university.
Jim Trovato, CISM, Director, Corporate Information Security, Intuit Inc. Mr. Trovato holds a Bachelor of Science degree in Business Systems Analysis from Indiana University of Pennsylvania, and has recently received the Certified Information Security Manager (CISM) certification. Mr. Trovato is currently the Director of Corporate Information Security for Intuit. In this capacity, he was initially responsible for working with the CEO and other Intuit executives to create the Security strategy, which he then implemented and has been driving for the past 9 years. He currently directs a team of professionals who are responsible for protecting Intuit’s information assets by proactively identifying and mitigating risk, while supporting corporate growth and profitability. The scope of this responsibility includes overall security risk assessment for the company, along with specific responsibility for the Intuit corporate network, as well as Intuit’s corporate systems, desktop products and Internet-based systems and services. Application Security reviews, Security Policy development, Security and Privacy Policy compliance monitoring and technology evaluation are among the services his team provides, in addition to serving as an internal security consulting team to the business units and functional groups across the company. The Corporate Information Security team has grown to 18 full-time staff members, with a 100% staff retention rate.
Kieran Norton (CISSP) is a Senior Manager with Deloitte & Touche's Enterprise Risk Services practice. Kieran specializes in our Security and Privacy Services with an emphasis in security program assessment and development, data protection, network security and incident response. Kieran also leads our PCI practice in the region and has assisted both merchants and processors in developing and sustaining PCI compliance programs. Kieran has over fifteen years of experience in information technology and a background in information security, IT operations, and application development. He has worked for professional services firms in multiple industries and has managed numerous teams and technology implementation projects.
Andrew Luca, Director in PwC's Advisory Performance Improvement practice. Manager in PwC's GRMS Technology Risk Services practice. Fifteen years of experience in various technology and management roles in the financial services industry. Served as Chief Information Officer / CISO for a payments processing company responsible for over $100 billion in domestic and international payments. Served as Chief Technology Officer at a payments processing company. Originally joined the firm in 1998 and rejoined in 2007. SME in payment technologies and security. Drew is a Director in PricewaterhouseCoopers' Advisory Financial Services Technology Practice specializing in Payments and leads PwC's Payments Practice in the West. He brings over 16 years of experience in networks, specializing in product and systems development. He possesses strong knowledge of payment systems including ACH, wire transfer, SWIFT, and payment card. In his work with the firm, he has led numerous payment projects related to risk and regulatory/AML and PCI. Drew was most recently at a financial transaction processing firm, where he was Chief Information Officer and CISO. Prior to this, he managed his own company that provided technology and security consulting services to the financial services industry. Before starting his own company, Drew was also Chief Technology Officer for an Internet payments company. There, he directed technology initiatives that allowed the company to offer B2B electronic payment products to large U.S. national banks. Drew has also served in various roles at a major brokerage and mutual fund complex.
Burak Yenier is the Senior Director of Operations at CashEdge, a rapidly growing software-as-a-service company in the financial services industry. Mr. Yenier is responsible for the deployment and support of all customer-facing applications and related network and data center operations. Since 2003, he has worked in multiple roles at CashEdge including Director of Release Management and Quality Assurance, playing an active role in defining and enforcing software development related processes. Mr. Yenier earned an MBA from the Koc University in Istanbul, Turkey and a BS in Industrial Engineering from the Dokuz Eylul University in Izmir, Turkey.
 
 
© ISACA - Silicon Valley Chapter.