InfoSec Compliance Now - An Event by AuditBoard

A Free Virtual Event → Feb 26, 2025 8:30 AM - 12 PM PT 3 CPE Credits

Explore what's next in cyber risk and compliance

Uncover tomorrow's threats, today.

Join AuditBoard for InfoSec Compliance Now 2025, a free half-day virtual event where industry experts dive deep into trends across cyber risk and compliance. Topics include AI, third-party risk management, risk quantification, and more.

Hear from thought leaders at:

Speakers

Dive into today’s most pressing topics in cybersecurity and IT risk management with expert leaders.

Ashley Lingerfeldt Director Risk, Compliance and Audit Q2

Jennifer Caffrey GRC Program Manager MongoDB

John Sapp VP, Information Security & CISO Texas Mutual Insurance Company

Nick Giedt Head of Security Strategy and Operations Roblox

Olabode Olaoke Director of Cybersecurity Risk Governance Block

Roland Chapin Supply Chain Risk & Cybersecurity Manager General Atomics Aeronautical Systems, Inc.

Sessions

Session 1 8:30 - 9:30 AM PT 1 CPE CREDIT

Demystifying AI Audits: A Practical Guide to Compliance

Complex machine learning (ML) models are often referred to as “black boxes” and even the data scientists that trained the models may not be able to explain the underlying algorithmic decisions. While this lack of visibility is a reality, it doesn’t mean that the entire AI and ML lifecycle is unknowable and unauditable. In fact, AI and ML can and should be part of a comprehensive compliance program. In this presentation, we’ll explore where and how InfoSec, compliance, and audit professionals can assess AI models as well as the risk posed by AI through third parties. We will explain the differences between assessing DevOps and MLOps and show where process inventory, policy management, MLBoMs (machine learning bill of materials), and supply chain safety can be applied to provide visibility and audibility to an ML-aware audit program.

Diana Kelley CISO Protect AI

8:30 - 9:30 AM PT 1 CPE CREDIT

Diana Kelley CISO Protect AI

Session 2 9:45 - 10:45 AM PT 1 CPE CREDIT

Risk-Based IT Compliance: The Case for Business-Driven Cyber Risk Quantification

IT compliance and cybersecurity teams have long struggled to effectively communicate the impact of threats and vulnerabilities to executives. When done right, cyber risk quantification allows IT professionals to speak the language of the business: financial impact.

While the importance of cyber risk quantification is apparent, many organizations struggle to get these projects funded. Join out experts to explore:

The basics of risk quantification and how to get started without trying to boil the ocean
The importance of moving beyond framework-driven security and assurance
Best practices for communicating the impact of IT security in supporting business growth
How to drive risk-informed decision-making within your organization

John Sapp VP, Information Security & CISO Texas Mutual Insurance Company
Lisa Hall CISO SafeBase
Nick Giedt Head of Security Strategy and Operations Roblox
Olabode Olaoke Director of Cybersecurity Risk Governance Block

9:45 - 10:45 AM PT 1 CPE CREDIT

John Sapp VP, Information Security & CISO Texas Mutual Insurance Company
Lisa Hall CISO SafeBase
Nick Giedt Head of Security Strategy and Operations Roblox
Olabode Olaoke Director of Cybersecurity Risk Governance Block

Session 3 11:00 AM - 12:00 PM PT 1 CPE CREDIT

From Due Diligence to Resilience: Building Robust Third-Party Risk Management

Organizations across industries rely on third parties to deliver critical services and drive operational efficiency. This collaboration often involves sharing sensitive data to create new opportunities—while also exposing companies to heightened cyber risks.

Join industry experts as they discuss practical strategies, policies, and tools for effective third-party risk management. Learn how to move beyond due diligence to implement risk-based approaches to vendor reviews, effective approaches to managing fourth-party risk, and navigating regulatory requirements including supply chain security. Protect your organization from third-party cyber threats while enabling secure, seamless service delivery in today’s interconnected and data-driven world.

Ashley Lingerfeldt Director Risk, Compliance and Audit Q2
Jennifer Caffrey GRC Program Manager MongoDB
Roland Chapin Supply Chain Risk & Cybersecurity Manager General Atomics Aeronautical Systems, Inc.

11:00 AM - 12:00 PM PT 1 CPE CREDIT

Ashley Lingerfeldt Director Risk, Compliance and Audit Q2
Jennifer Caffrey GRC Program Manager MongoDB
Roland Chapin Supply Chain Risk & Cybersecurity Manager General Atomics Aeronautical Systems, Inc.

Register Now

AuditBoard is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.

Compliant Resolution Policy: If you have any concerns about this program as they relate to the NASBA Standards, please email events@auditboard.com.

Cancellation Policy: Due to this program being offered free of charge, there will be no refunds issued. Please email events@auditboard.com if you need to cancel your registration.

Ashley Lingerfeldt

Director Risk, Compliance and Audit Q2

Ashley Lingerfeldt holds certifications as a Certified Regulatory Compliance Manager (CRCM) and Certified Information Systems Security Professional (CISSP), and currently serves as the Director of Compliance at Q2. They oversee critical compliance initiatives in regulatory exam management and core banking topics. Previously, at Wells Fargo, Lingerfeldt directed a team of 25 risk managers in conducting comprehensive risk assessments and managed governance routines for senior leadership. Earlier in their career, they held roles at Bank of America which included leading compliance with extensive credit risk regulations and managing teams focused on regulatory engagement and governance. Lingerfeldt began their career at American Express and Accenture, complementing extensive industry experience with a BSBA in International Business and Finance from UNC Kenan-Flagler Business School, and an MBA in Finance from Queens University.

Diana Kelley

CISO Protect AI

Diana Kelley is the Chief Information Security Officer (CISO) for Protect AI. She also serves on the boards of WiCyS, The Executive Women’s Forum (EWF), InfoSec World, TechTarget Security Editorial, and DevNet AI/ML. Diana was Cybersecurity Field CTO for Microsoft, Global Executive Security Advisor at IBM Security, GM at Symantec, VP at Burton Group (now Gartner), and a Manager at KPMG. Her extensive volunteer work has included serving on the ACM Ethics & Plagiarism Committee and as Cybersecurity Committee Advisor at CompTIA. She is a sought-after keynote speaker, the host of BrightTALK’s The Security Balancing Act, co-author of the books Practical Cybersecurity Architecture and Cryptographic Libraries for Developers, the EWF 2020 Executive of the Year, and EWF Conference Chair since 2021.

Jennifer Caffrey

GRC Program Manager MongoDB

Jennifer Caffrey is an experienced Assistant Vice President with a proven track record in the Information Security industry. She brings expertise in key areas such as vendor management and risk management. With a strong foundation in business development, Jennifer excels at driving organizational growth while maintaining a focus on security and operational excellence. Jennifer’s professional journey is marked by her dedication to advancing business objectives through secure, efficient, and well-managed practices.

John Sapp

VP, Information Security & CISO Texas Mutual Insurance Company

John is the VP, Information Security and CISO for Texas Mutual Insurance Company, and the creator of the thought leadership forum Cybersecurity Conversations: The Hype, Hope and Harsh Reality. As a strategic global information security executive with over 20 years of security, risk, and compliance experience, John’s knowledge and expertise has allowed him to become an industry thought leader, early adopter of emerging security technologies, and technical advisor to startups. Throughout his career, John has helped multiple organizations develop a clear picture of their current cyber risk posture and cybersecurity capabilities, and develop and execute a multi-year strategy to achieve the desired target state, while delivering an informed view of when, where, how, and why to invest in people, process, and technology to manage cyber risk.

Lisa Hall

CISO SafeBase

Lisa Hall is the Chief Information Security Officer (CISO) at SafeBase, with over 20 years of experience in information security. She specializes in developing holistic security strategies that integrate security into both product and business systems. Lisa led security initiatives at PagerDuty, Twilio, Color Health, and EY, including acquisitions and mergers, initial public offering (IPO), application/product security, infrastructure security, and compliance programs (SOX, SOC2, ISO 27001, FISMA, FedRAMP, and HITRUST).

Nick Giedt

Head of Security Strategy and Operations Roblox

Nick is a dynamic cybersecurity leader and strategist with extensive experience in driving organizational resilience and security at top technology companies, including Roblox, Meta, and LinkedIn. As the Head of Strategy and Operations, Nick partners with the security leaders to align security initiatives with business objectives, manage cross-functional priorities, and oversee the execution of strategic programs that safeguard enterprise systems and data. Nick is a recognized expert in scaling security teams and programs during hypergrowth. Known for his ability to bridge technical solutions with executive priorities, Nick has spearheaded forward-thinking initiatives, including user privacy frameworks, AI security strategies, proactive threat and risk intelligence programs, and fostering employee trust through transparent use of security tooling. With a passion for operational excellence and team enablement, Nick has demonstrated a proven ability to lead organizations through transformational growth while cultivating a culture of proactive and pragmatic security. A seasoned presenter and thought leader, Nick enjoys sharing insights on risk forecasting, operational resilience, emerging exploits, and the intersection of technology and security strategy.

Olabode Olaoke

Director of Cybersecurity Risk Governance Block

At the helm of Block's Cybersecurity Risk Governance, Olabode’s role is steeped in ensuring the alignment of risk and business objectives across a global landscape. He is dedicated to managing cybersecurity risk, implementing common controls, and governing workforce security policies. He has a strategic focus on safeguarding operations and nurturing customer trust.

Roland Chapin

Supply Chain Risk & Cybersecurity Manager General Atomics Aeronautical Systems, Inc.

Roland Chapin leads the Supply Chain Risk & Cybersecurity Organization at General Atomics Aeronautical Systems, Inc. (GA-ASI). Roland has been at GA-ASI for 5 years where his responsibilities include oversight of the Supply Chain Risk Management Program Management Office (SCRM PMO) and Information Security. Before his time at GA-ASI, Roland worked for the U.S. Dept of State, Bureau of International Narcotics and Law Enforcement (INL) for nearly a decade and a half. Roland has a B.S. in Information Technologies, is certified by the Project Management Institute as a Project Management Professional (PMP) and holds the Certified Information Systems Security Professional (CISSP) credential issued by ISC2.