shpae shpae

ISACA Ireland Conference


November 23, Croke Park, Dublin

Register Today

Book Your Seat


Information Security,
Audit, Risk and
Compliance Professionals

The ISACA Ireland Chapter is delighted that we will be having our first in-person annual Conference since the pandemic on November 23rd, in Croke Park.

The theme for this years event is "Exploring new ideas in Cyber, Risk and IT Audit" and we have a great lineup of industry recognised experts to give talks through out the day.

The event will be CPE eligable and 8 hours of CPE credit will be available to delegates.


Industry Experts


CPE Hours



Event Sponsors

Click logos to learn more about our sponsors

Event Activities

ISACA Ireland Chapter Conference Schedule

  • Hogan Mezz


  • Hogan Mezz


  • Nally

  • 08:00 - 09:00 Registration

    Delegate Registration and Event Opening

  • 09:00 - 09:10 Opening Remarks

    Opening remarks from the ISACA Ireland Predisent, Paul Hare

  • 09:10 - 09:40 Shane Curran - Day Zero Security

    The classic approach to cybersecurity has been to "build walls" around software by buying and integrating an overwhelming number of security tools.

    Cyber attacks are fundamentally bad because they put sensitive data at risk.

    Why don't we protect sensitive data directly, rather than building walls?

    The core goal of cyber security practitioners should be to prevent the incidence of Zero Day exploits and more, through a culture of taking security seriously — from Day Zero.

  • 09:45 - 10:15 Donal Murray - How the digital age is transforming how organisations are operating

    The Digital age is transforming how organisations are operating. And this transformation will continue into the future as new technological advancements are being released at a rapid pace. While new technology is presenting significant opportunities for organisations, with it comes emerging risks that are complex in nature.

    An organisations ability to effectively manage these risks will be a key input into its future success. Donal will present on these emerging risks, how technology opportunities are creating significant challenges for risk functions, and what organisations are doing to react and prepare.

    Donal will also speak to the topic of control transformation by leveraging these new technologies and what an organisations control environment might look like in the future.

  • 10:20 - 10:40 Tea and Coffee

    Light refreshments before the talks recommence

  • 10:40 - 11:10 Lee Bristow - Automating Risk and Compliance

    The reality is, risk and compliance processes can be automated, the key is how they are automated and the value of what that automation can bring.

    Pulling together the strands of risk management and ethics ensures greater transparency, potentially better and more consistent decision support for leaders and managers.

    In this session we unpack the value of risk management, compliance, ethics, and robotics process automation (RPA) being blended to create more sustainable and human solutions to business problems.

  • 11:15 - 11:45 Blessing Usoro - Another Day Another Hack: You could be next!

    Everyone should be ready for a cyber breach. Security leaders must move away from “it could never be me.” thinking to, “I could be next”. We need to ask ourselves the hard questions and adopt a readiness mindset that reduces cyber risk and improves security posture. A better cyber strategy is 90% preparation, 10% right tools, right place, right time.

    This session will provide context to the rise of cyber criminal activity against enterprises. We’ll also look at hard questions we should be asking about our cyber risk and what to focus on. For example; is your most important asset covered?

    The cyber risk mindset should change from now on and we’ll explore why it should. The odds are higher. There are shifts you can make that will help.

    Looking to the future, 2023 will be an interesting year for both sides of the park. Find out the strongest predictions for the upcoming year and how your cybersecurity operation can improve by adopting a new cyber risk mindset.

  • 11:50 - 12:20 Onur Korucu - Proactive Defense: Cyber Insurance

    Cyber insurance (also referred to as cyber risk or cyber liability insurance) is a form of cover designed to protect the business from threats in the digital age, such as data breaches or malicious cyber hacks on corporate computer systems.

    Cyber insurance helps to protect the business against various digital risks by providing financial support if they experience an incident such as a cyber-attack. Also known as cyber liability insurance, this commercial cover is designed to react quickly to malware attacks, hacking events and electronic data breaches by funding investigation and reimbursing losses.

  • 12:25 - 13:25 Lunch

    Lorem Ipsum

  • 13:25 - 13:55 Sean Hanna - The Wolf of Wall Street Vs The IT Crowd. Gamified.

    Who is right?

    Do we need tighter internal cyber security and a bigger budget, or maybe it's best to outsource and reduce overheads?

    Should IT protect the business, or maybe the business needs to accept more risks?

    A fully interactive, gamified session that sets IT against management. Using the Kahoot platform, up to 2000 local and remote delegates can fully interact in this engaging and informative session on their personal mobile devices without any downloads or software installation with live, interactive results.

    The session poses questions to the audience, the expert host steering the conversation and conclusions from the live audience results. Our goal is to answer the question we all need to ask: What does the business really want from Cyber Security?

    This session is an ideal conference starter, as it breaks the ice and fully engages with every audience member; everyone has an opinion, and everyone gets a voice in this session.

  • 14:00 - 14:30 Thrubhuvan JV - Traditional SOC to Orchestrated SOC

    Cyber Security MSS such as SOC services has been traditional setup and delivered around one or two vendor technology (SIEM, EDR) heavily just by limiting the wider scope of services around Threat Intelligence, Threat Hunting, SOAR or Vulnerability mgmt.

    Whereas an Orchestrated SOC with SOAR as the single plane of glass can bring together plug in play options such as Bring your own technology (BYOT) can cater existing customer technology and also be an extension to avail services through SOAR as a Service without additional vendor investment separately for Threat Intel or hunting or vulnerability mgmt or orchestrated incident response./p>

  • 14:35 - 15:05 Valerie Lyons - Top Ten Privacy Challenges of the Hybrid Workplace Model

    Remote work isn't anything new. Before the pandemic, the common model of work was primarily the On-site Work Model, where the Remote Work Model was less common. Before pandemic-related lockdowns, it's estimated that only 10% of the workforce consisted of remote workers. However, only weeks into the pandemic, that number skyrocketed to roughly between half and two-thirds of all positions and now over half of people (54%) in a recent PEW research survey said they’d like to keep working remotely.

    As we emerge from the pandemic, organisations are now operating variations of work models, ranging from fully on-site to fully remote. The On-site Work Model means working in a physical office location. The Remote Work Model is essentially working via remote access. Many organizations now offer a combination of the two, where employees can work part of the time remote/part of the time on site, or where some employees can work onsite full-time while others work remotely full-time. This new normal is referred to as the Hybrid Work Model (HWM). Instead of structuring work around desks in a physical office space, hybrid work generally enables employees to structure work around their lives.

    There is no single blueprint for a HWM. Unsurprisingly, people interpret and implement HWMs in different ways. There is a consensus concept underpinning hybrid work, however: Flexibility. Hybrid approaches are intrinsically more flexible than more uniform, rigid models that require people to work entirely or predominantly in the same central location.

    However the HWM introduces a set of privacy challenges associated with privacy and data protection such as the transfer of data, the need for additional data protection impact assessments, the audit and monitoring of employee performance etc. There are also privacy challenges associated with consumer protection legislations such as the recording of telephone calls, and privacy challenges associated with employee health and safety such as surveillance in the workplace. This session will discuss ten of these key privacy challenges.

  • 15:10 - 15:30 Tea and Coffee

    Lorem Ipsum

  • 15:30 - 16:00 Stephen Bowes - Is your Information Security Program like a G-Shock?

    In this presentation I will bring the audience on a journey as to how Casio brought their eponymous G-Shock program into being.

    From clearly defining the initial key scope metrics to building a layered model and evolving the program over time.

    Conducting rigorous testing, continuous program review and improvement, building in flexibility to operate in different environments, obtaining external assurance of controls, managing costs and how the program ultimately benefitted the business whilst mapping all these elements to a modern information security program interspersed with real world examples I have encountered.

  • 16:05 - 16:35 Tony Clarke - The evolution of cyber-threats during the COVID-19 pandemic

    This presentation will explore the cyber-threat landscape during the pandemic, particularly how different threat actors depending on their motivations changed techniques at different stages of COVID-19 vaccine development.

    The session will cover threat actors from opportunistic attackers to highly sophisticated cyber-criminals and nation state attacks.

    The presentation is based on my role as CISO for the Clinical Research Organisation, ICON plc, who conducted the clinical trials for the first COVID-19 vaccine and as my current role as CISO for Clinical Trial logistics company Marken – a subsidiary of UPS and will outline how cyber-threats evolved throughout the course of the COVID-19 pandemic.

  • 16:40 - 17:10 Panel Discussion

    Lorem Ipsum

  • 11:15 - 11:45 Tony Hughes - Using TTX to build Cyber Resilience

    Understanding the need to build and train cognitive responses to the psychological impacts of a cyber incident. What those impacts look like and how do we prepareour organisations for the psychological as well as technical and organisational responses to an incident.

    The session looks at how the use of simulations via tabletop exercises can help to remove some of the challenges and build confidence in effectively responding to incidents.

  • 11:50 - 12:20 John Brady - Role of Risk Practitioner

    Who are you hiring for your risk team? What does the jobspec look like? Using CRISC 6th Edition John will investigate the key must have’s, should have’s and some knowledge related aspects for the role of Risk Practitioner

  • 13:25 - 13:55 Daragh Levins - Why When Who - Standards Framework and Guidance DORA & NIS 2

    This presentation will look at the EU’s Digital Operational Resilience Act (Dora) and the Network and Information Society Act that have been much talked about are now going to be implemented in the next two years or so. There is a lot for those affected to think about and prepare for.

  • 14:00 - 14:30 Sean McHugh (TU Dublin), Martin Cullen & Everett Breakey (Chapter Training Team) - Certification, Certificates, and the Market Place

    A panel discussion on what’s hot and not in the marketplace for Certification and Certificates. What is the market looking for? What will the landscape look like in five years time and will you be ready for market.

  • 14:35 - 15:05 Kevin Hart - Alternative Currencies and Fraud

    Kevin will use this session to:

    1. Assess the current landscape of alternative currencies
    2. Differentiate among various forms of alternative currency
    3. Determine how fraud schemes such as ransomware are enabled by alternative currencies
    4. Identify cryptocurrencies and how their mechanisms can prevent fraud
    5. Recognize fraud threats associated with alternative currencies
    6. Recognize important court cases in the developing law concerning alternative currencies

  • 09 AM - 11 AM Registration

    We’re inviting the top creatives in the tech industry from all over the world to come learn, grow, scrape their knees, try new things, to be vulnerable, and to have epic adventures

  • 11 AM - 01 AM Introduction about speakers

    We’re inviting the top creatives in the tech industry from all over the world to come learn, grow, scrape their knees, try new things, to be vulnerable, and to have epic adventures

  • 01AM - 02 AM Luanch Break

    We’re inviting the top creatives in the tech industry from all over the world to come learn, grow, scrape their knees, try new things, to be vulnerable, and to have epic adventures


World Class Speakers


Shane Curran

CEO, Evervault


Blessing Usoro

Information Security Manager, Ding


Donal Murray

Partner, Deloitte


Lee Bristow

CTO, Phinity Risk Solutions


Onur Korucu

VP of Consulting Cyber Security and Data Protection, TerzionDX


Sean Hanna

Founder & Director, Nemstar


Stephen Bowes

Technology, Alliances & Innovation Director, BSI


Thrubhuvan JV

Director - Cyber Security & Technology Consulting, EY


Tony Clarke

VP of Information Security, Marken


Dr. Valerie Lyons

COO, BH Consulting


Tony Hughes

Director of Cybersecurity, Ansec IA

Shape Shape


Support the Chapter by becoming a Sponsor


  • Premium Features

Sold Out


  • Gold Features


  • Silver Features

Sold Out


  • Bronze Features

What Attender Says

Previous Event


“Well done on another great event ISACA Ireland team. This is always one of the best value for money conferences and did not dissapoint again this year.“

IT Risk Manager Attendee


“A great day out, with plenty of interesting topics and speakers.“

Security Analyst Attendee


“Really good conference and very well organised given it was remote this year. Well done to the organisers.“

Compliance Lead Attendee