Takeaways from GAM 2018: Internal Audit Embraces Cybersecurity

Nick Son, Vice President, Cyber Risk Services, Coalfire

Last week, the Institute of Internal Auditors (IIA) held its 2018 Global Audit Management Conference at the Aria Resort in Las Vegas. With over 1,700 attendees, this was the most well-attended event in the history of the conference. Coalfire was one of the sponsors, and we were delighted to meet with so many forward-thinking audit executives and practitioners.

Cybersecurity was a hot topic at the conference, and it’s now clear that organizations are adding cybersecurity, and penetration testing in particular, to their annual audit plans. In the IIA’s three lines model, internal audit provides the “third line of defense” for the cyber risks that the board of directors and the executive team must manage as part of their enterprise risk management programs.

We fielded a lot of questions about governance best practices, incident response planning and testing, penetration testing, and due diligence reviews linked to mergers and acquisitions activity.

If these topics also interest you, you might find these resources helpful:

Finally, I would be remiss if I didn’t highlight the provocative keynote presentation delivered by Patrick Schwerdtfeger, the author of “Anarchy, Inc.: Profiting in a Decentralized World with Artificial Intelligence and Blockchain.” Mr. Schwerdtfeger inspired us all to think about disruptive innovations and how we as leaders need to prepare our enterprises for changes wrought by these emerging technologies. He asserted that leadership involves risk, and that prompted all the internal auditors in the room to consider how we can build the skills we need and lead our teams in the years ahead.

Nick Son