Day 2 - 29 November 2018
Developing cloud security solutions: Chair’s welcome and opening comments
Fireside Chat: National Cybersecurity Strategy at the DHS
A one on one discussion with Director for Cybersecurity & Innovation covering:
- The recently released National Cybersecurity Strategy and DHS Cybersecurity Strategy, and what implementation means for industry.
- The Department’s risk-based posture towards cybersecurity threats
- Best practices and resources for businesses of any size
Plus an opportunity to ask your questions.
Global Director, Security Architecture
10:20AM - Day 2
Keynote: Here for the beer! How the world’s leading brewer is embracing the cloud and IoT securely.
- AB InBev is the world’s leading beer brewer and a top CPG company. With hundreds of thousands of employees and thousands of facilities globally, scaling up high technology and innovation are key to our digital transformation.
- As ABI embraces the cloud, industrial automation, IoT and Artificial Intelligence, we are faced with many challenges. Learn how we think about security and view it as an opportunity to save money, achieve our sustainability goals and make our consumers happy.
- Inside our breweries around the world, we rely heavily on automation, sensors and technology. Take a walk through a typical brewery and learn how our SOC leverages inputs from Industrial IoT / SCADA security systems to ensure the beer keeps flowing.
Director of Strategy & Solutions Marketing, Digital Networking
10:50AM - Day 2
Panel: Am I using the cloud securely?
- Examining the current state of cloud security vs traditional IT systems
- How do organisation develop cloud strategies that are secure, and account for data storage?
- What innovations are there, and what more do we need to see to counter emerging threats in the next five years?
Senior Representative, Darktrace
11:50AM - Day 2
How machine learning is improving cyber security
- Detecting threats before they happen
- Securing organisations’ entire portfolio of cloud apps
- How cloud providers, third-party vendors and users can all work together
- The impact of machine learning on compliance
It’s not you, it’s me: How the shared responsibility model for cloud security still slips through
Security in the cloud is – and always has been – a two-way street defined as the vendor being responsible for security ‘of’ the cloud – software and hardware – while the customer is responsible for security ‘in’ the cloud – data, OS, identity and access management, and so forth. So why do companies still struggle?
This talk will address:
- Examples of where shares responsibility model has been effective, and examples where it has failed.
- Where does the vendors responsibility end and the customers start?
- The role of standards and compliance to aiding share responsibility models.
12:50PM - Day 2
Abstracting Application Security in the Cloud using Secure Enclaves
Traditionally, organizations had to worry about the security of their infrastructure in order to ensure privacy, integrity and confidentiality for their critical applications. It required securing the actual machines that the applications were running on. Recent advances in processor architecture introduced support for Secure Enclaves – execution units that enable hardware-grade isolation for application logic, protecting it from compromised or misconfigured infrastructure and creating a tighter security perimeter around the application itself. We explore how this paradigm shift bears the potential to revolutionize application security”.
The Secrets to Build Enterprise Worthy Secure Cloud Services
- Why it is important
- Top challenges and gaps cloud service companies fail to meet enterprise security requirement
- Deep dive – how to build enterprise worthy secure cloud services
- Silver bullet of open standard for cloud security
- The evolving landscape – what’s next
Keynote: Domino’s Delivery of a Faster Response was no Standard Order
This talk presents Domino’s cutting-edge Automated Application Security Risk Engagement process leveraging integration between Atlassian Confluence and JIRA as well as highlights our custom Risk Form Handler which automatically creates and assigns Security Requirements Tickets in JIRA. Lastly, we will present our Splunk ITSI Application Security KPI Dashboard illustrating our Domino’s E-Comm, Pulse and NGP Development Security Posture and related KPIs.
03:10PM - Day 2
Scientific Lead, Business Development
Cambridge Quantum Computing
03:10PM - Day 2
Panel: How artificial intelligence and blockchain are the battlegrounds for the next security wars
- Artificial intelligence, machine learning, and blockchain, are emerging tech cited as key in an increasingly complex security environment, but what challenges do these technologies pose?
- Many key players are using security awareness and infrastructure is a key feature to differentiate themselves within the cloud wars, so how will this dictate how the market evolves?
- As the hyperscalers are moving further up the stack to find the latest battleground – so who is going to come out on top?
- Real life examples of where AI, ML and Blockchain are being utilised for security
Security Team Lead
03:50PM - Day 2
01:10PM - Day 2
Lessons Learned by the WordPress Security Team
Managing security for the WordPress project is a challenge to say the least. The sheer volume of reports, the resulting noise, securing an ageing codebase, handling disclosure – all difficult to handle, but just the tip of the iceberg. How do you keep sites and users secure with so much third-party code? What do you do about hosting environments? How do you educate users? When is it okay to break things to fix security issues and how do you manage reputation when you do? They may not have it all figured out, but over the years they’ve learned a lot – often the hard way. Aaron shares their hard-learned lessons in hopes that it makes things easier on everyone else!