Practical Ways to Strengthen your GRC Program

The pendulum has swung to the opposite extreme and it’s time for it to come center. Our IT operations are full of “too much”. Too many tools. Too many unreferenced documents. Too much unmanageable data. Too many confusing controls from too many vague regulations and frameworks. Very few of these things actually align to our real operations. We have created all of this overwhelming noise and meanwhile are losing data at a ridiculously drastic rate.

Let’s stop continuing to do the same things that got us into this mess and expecting different results. This session will bring us all back to best practice governance basics and provide attendees with three very practical recommendations that they can use the very next day.

Karina Klever has spent more than 35 years in technology, starting in 1989 as a computer operator. After programming and decades of project/program management, she began focusing on compliance in the early 2000s. Over the next 20 years, Karina would go on to establish GRC Centers of Excellence for Fortune 500 companies.

After years of witnessing compliance being implemented as nothing more than a checkbox exercise, Karina opened her own boutique company, Klever Compliance, to guide midsized companies into establishing governance programs that are appropriate for their particular industry, level of maturity, size, risk posture, and goals. Klever Compliance is tool agnostic and works across industries, maturities, regulations and frameworks. Checkbox compliance leaves gaping security holes, so Karina's approach is to align actual operations to controls, instead of the other way around.

AI isn't just changing cybersecurity—it's completely rewiring the battlefield. This talk exposes the hard truth about autonomous defense systems, AI-powered red teams, and attackers now capable of launching machine-speed campaigns that bypass traditional controls.

We'll tackle the workforce earthquake happening as junior roles vanish and senior positions demand hybrid human-AI skills, while exploring why your sprawling security tool collection creates more vulnerabilities than it solves. Forget vendor hype—this session delivers actionable strategies for navigating the AI cyber arms race while preserving the irreplaceable human expertise that separates security victories from catastrophic failures.

Ron Dilley works at IS2 as a Principal Cyber Security Architect, focusing on fostering innovation and pushing the boundaries of what’s possible in technology to deliver exceptional value for clients. He is also on the IANS Research Faculty. As a cybersecurity innovator, he works with many cross-functional teams to develop novel security solutions and enhance security capabilities that improve customer experiences while frustrating adversaries.

He is a seasoned information security practitioner and thought leader with more than two decades of experience building, implementing, and leading information security practices responsible for the overall security posture and risk management of global companies. He is focused on security innovation, research, and development, and has overseen and revitalized infosec teams and advised on mergers, acquisitions, and divestitures from
an infosec perspective.

He also serves the cyber security community through open-source tools and solutions for real-world security challenges, including current work on stateless TCP (honeypi), the IR Directory Scanner (difftree), Log Templater (tmpltr), SSH Canary (sshcanary), Log Pseudo Indexer (logpi), and Wirespy Daemon (wsd).

Because ISSA Los Angeles makes commitments to our facilities well in advance of each event, we regret that we cannot offer any refunds or credits within 72 hours of any of our events. If you cannot attend an event you can send someone in your place as long as they have your written permission.

CPEs: There will be 2 CPE credits for the meeting.

Disclaimer: ISSA-LA reserves the right to alter or delete items from the program in the event of unforeseen circumstances. Material has been prepared for the professional development of ISSA-LA members and others in the IT audit, control, security, and governance community. Neither the presenters nor ISSA-LA can warrant that the use of material presented will be adequate to discharge the legal or professional liability of the members in the conduct of their practices.

All materials used in the preparation and delivery of presentations on behalf of ISSA-LA are original materials created by the speakers, or otherwise are materials which the speakers have all rights and authority to use and/or reproduce in connection with such presentation and to grant the rights to ISSA-LA as set forth in speaker agreement. Subject to the rights granted in the speaker agreement, all applicable copyrights, trade secrets, and other intellectual property rights in the materials are and remain with the speakers. Please note: unauthorized recording, in any form, of presentations and workshops is prohibited.

Permission to be Photographed: By attending this event, the registrant grants permission to be photographed during the event. The resultant photographs may be used by ISSA-LA for future promotion of ISSA-LA’s educational events on ISSA-LA’s web site and/or in printed promotional materials, and by attending this event, the registrant consents to any such use. The registrant understands any use of the photographs will be without remuneration. The registrant also waives any right to inspect or approve the aforementioned use of any photographs now or in the future.

Host or Publisher Information Systems Security Association Los Angeles | ISSA-LA