About this Event
Welcome to the ISACA NTX Meeting happening in person on May 22, 2026 at 1 PM (Central Time) at TIAA Frisco! Connect with industry professionals, expand your network, and gain valuable insights into the latest trends and developments in the field. Don't miss this opportunity to stay up-to-date and engage with like-minded individuals. Following this month’s ISACA North Texas meeting, join ISACA for a two-hour networking event, bringing together cybersecurity professionals to connect, share insights, and explore the expansive 4,000+ member strong ISACA community.
This is a prime opportunity to engage with industry peers, expand your professional network, and uncover resources and support within the ISACA North Texas Chapter. Your ticket to the May in-person meeting also gets you into the Yearend Networking Happy Hour. Just RSVP. Join us for a day filled with insightful discussions, networking opportunities, and knowledge sharing. Don't miss out on this chance to connect with industry professionals and expand your expertise. Mark your calendars and get ready for a productive day ahead! See you there!
Dates: 5/22/2026
Time: 1 pm - 4:30pm Central Time
CPE: 3
Fee:
ISACA Member Cost: $40.00
Non-Member: $50.00
Agenda:
1pm - 2pm - Subbu Rama
2:10 - 3:10 pm - Gideon T. Rasmussen
3:20 - 4:20 pm - Arek Skuza
Speaker Details: Subbu Rama is the CEO and co-founder of BalkanID, an AI-powered identity security and access governance platform built for the modern enterprise. A three-time founder, he previously co-founded Bitfusion, an AI infrastructure company acquired by VMware, and has held product and engineering leadership roles at Dell Technologies and Intel. He has also served as a mentor and advisor to startups through Techstars, Alchemist, and Capital Factory. At BalkanID, Subbu leads the company's vision to automate identity governance, reduce access risk, and bring AI-native controls to how enterprises manage both human and non-human identities. He holds a master's degree in computer engineering from the University of Wisconsin-Madison.
Company: BalkanID
LinkedIN: https://www.linkedin.com/in/subburama
Session Title: Governance with AI agents as employees: identity, access, and accountability in the agentic enterprise
Session Description: AI agents are rapidly becoming part of the enterprise workforce: requesting access, making decisions, and executing operational tasks across cloud, SaaS, and internal systems. Unlike human employees, these agents scale instantly, operate continuously, and often accumulate broad privileges without the governance controls organizations have spent years building for human identities. This session makes the case that AI agents must be treated as first-class identities, governed with the same rigor applied to human and non-human accounts, and examines the emerging risks that arise when they are not: over-privileged agents acting beyond their intended scope, unmanaged service identities creating blind spots, autonomous decision execution without auditability, and lifecycle gaps that leave dormant agents with live access. Attendees will leave with practical guidance on applying identity governance principles to AI agents, along with a governance model suited for security, IAM, risk, and audit leaders preparing their organizations for a workforce that is no longer entirely human.
Speaker Details: Gideon T. Rasmussen, CISSP, CRISC, CISA, CISM, CIPP. Gideon Rasmussen is a cybersecurity leader with over 20 years of experience in corporate and military organizations. Gideon has designed and led programs including information security (as Chief Information Security Officer), PCI payment card security, third-party risk management, application security and information risk management. Has diverse cybersecurity experience within banking, startups, insurance, pharmaceuticals, DoD/USAF, aerospace and defense, state government, advertising and talent management. Gideon is a sought-after speaker, addressing audiences at conferences, universities and corporate events. He is the author of Program Architecture: Fight the Good Fight and has written more than 30 articles on cybersecurity and operational risk. A veteran of the United States Air Force, Gideon has completed the Bataan Memorial Death March four times.
Company: Virtual CSO, LLC
LinkedIN: https://www.linkedin.com/in/gideonrasmussen
Session Title 2: Adaptive Cybersecurity Risk Assessments
Session Description 2: This session provides practical advice to conduct cybersecurity assessments. It details the end-to-end process including: scoping, 15 steps to develop work papers, scheduling, on-site assessment, report preparation and presentation.
The first assessment example leverages the NIST Cybersecurity Framework for coverage across security domains. Sample scoping questions are provided, with tips and examples to create testing procedures based on cyber threat intelligence, business processes, insider threat and fraud.
The scoping methodology is risk opportunistic to adapt assessments year-over-year. There is focus on areas that have not been evaluated recently and areas that may require enhanced controls due to the presence of valuable data. Attendees are encouraged to evaluate lines of business and to take deep dives into critical functions.
The session provides an assessment report framework. There are tips for briefing executives including a slide deck framework covering the threat landscape, assessment methodology, high and moderate-high findings, Strengths, Weaknesses, Opportunities and Threats (SWOT) and next steps.
Speaker Details : Arek Skuza works exclusively with C-level executives at companies generating $50M+ annual revenue who are committed to transformational AI decisions. Previous clients include leadership teams at Ikea, Discovery Networks, Shell Energy, Neuca, Modoma, Arcade, Benefit Systems, BetFan, Krispol, Krishome, ETX, SEBN, Saleslions, EY, Langas, Seka, Allegro, Maspex. Arek focus is architecting AI-driven business transformation that delivers measurable results within 90 days.
Company: Skuza AI
LinkedIN: https://www.linkedin.com/in/arekskuza/
Session Title 3: AI Without the Audit Nightmare: Three Controls Every Mid-Size Enterprise Needs Before Its Next Deployment
Session Description 3: With the EU AI Act's high-risk obligations becoming enforceable on August 2, 2026, and ISO 42001 certification demand accelerating, most mid-size enterprises are facing a hard question: can our AI deployments survive an audit?
According to the 2026 Vision Compliance Readiness Report, 78% of organizations have not taken meaningful steps toward AI Act compliance, and 83% have no formal inventory of the AI systems they use or deploy.
In this session, we will cover:
1. The Audit-Ready AI Stack — the three control points (input governance, model behavior monitoring, output traceability) that turn an unauditable LLM deployment into a defensible system. I'll map each control to NIST AI RMF, ISO 42001 Annex A, and EU AI Act Articles 9, 10, and 12 so your members can connect it directly to their audit frameworks.
2. The Six-Component Prompt Engineering Framework — what an auditable prompt actually looks like, and why prompts are the new control instructions. I'll show how to document, version, and test prompts for SOC 2, ISO 42001, and EU AI Act readiness — the same framework I use with my enterprise clients.
3. Real-World Case Studies & Failure Patterns — what worked at Shell (10,000-equipment AI predictive maintenance program), Discovery (AI-driven insurance underwriting with Harvard Business School documentation), and Allegro (Poland's largest e-commerce platform, 100+ data scientists, 95% ML-driven delivery prediction accuracy) — and the three failure patterns I keep seeing in mid-size enterprise deployments: shadow AI with no input governance, "prompt roulette" with no standardization, and "deploy and pray" with no monitoring.
Event Venue & Nearby Stays
TIAA Frisco Corporate Center, 3965 Dallas Parkway, Frisco, United States
USD 40.00
