Day 1 - 13 November 2019
President of the board - CSA Silicon Valley Chapter
Cloud Security Alliance
10:00AM - Day 1
Developing security solutions: Chair’s Welcome and Opening Remarks
Cloud INSecurity – Doing your part in the Shared Security model for Cloud Computing
Moving to the cloud can be scary as you’re putting your environment in someone else’s hands. The hardest part is ensuring that the best practices you follow for your on-premises environment are adapted and retrofitted to your cloud environment. The cloud provider will only go so far, and you’re responsible for securing your own systems, services and applications. This session will cover how implementing the foundational cybersecurity best practices provided by the Center for Internet Security can help provide peace of mind when moving to the cloud. Hear how the CIS Controls, CIS Benchmarks and the CIS Hardened Images help you start secure and stay secure.
Dr. Torsten George
Cyber Security Evangelist
10:50AM - Day 1
How to Improve Cyber Resilience with Zero Trust
Cyber breaches are bigger and worse than ever. Hardly a day goes by without headlines about some new devastating cyber-attack. To better protect against data breaches, the use of a Zero Trust model has returned to the spotlight and seen huge growth in adoption. There are many starting points on the path to Zero Trust. However, all roads still lead to identity. Hackers don’t hack in anymore — they log in using weak, default, stolen, or otherwise compromised credentials. Indeed, Forrester Research estimates that 80 percent of today’s breaches involve privileged access abuse — that is, user accounts that have administrative access to critical systems in the organization. The session will explore how Zero Trust Privilege helps organizations to ensure that access to their compute (on-premises or in the cloud), network, DevOps, and data resources is appropriate, sanctioned, compliant, and secure.
03:40PM - Day 2
03:00PM - Day 2
11:50AM - Day 1
Panel: Sharing responsibility for cloud security
- Security in the cloud is – and always has been – a two-way street defined as the vendor being responsible for security ‘of’ the cloud – software and hardware – while the customer is responsible for security ‘in’ the cloud – data, OS, identity and access management, and so forth. So why do companies still struggle?
- Which stakeholders throughout the business and beyond have to take responsibility for cloud security, and what education and training is required?
- How do consumers fit into all this?
- Discussing effective strategies from Enterprise for sharing this responsibility.
What happens in the cloud, doesn’t stay in the cloud
What happens in the cloud, doesn’t stay in the cloud – Why you should re-think who has access to what, from where, and what they can do with it.
Director of Enterprise Security
12:30PM - Day 2
12:50PM - Day 1
How to Achieve Network Security ZEN
Finding a balance between a pleasant user experience and stringent security requirements can be a challenge, but Adobe’s Zero-Trust Enterprise Network (or ZEN) initiative is intended to accomplish that. In this session, we will cover:
- The guiding principles behind ZEN.
- How you can leverage existing security technology investments and targeted automation technologies to develop your own ZEN framework.
- Common issues you might encounter along your journey with guidance on overcoming those issues.
Director of Product Marketing
02:30PM - Day 1
Deep Dive: Protecting API-Based Applications From Automated Bot Attacks
- Why Public Facing API Applications Pose a Security Risk and Why It Matters
- Anatomy of Automated API Bot Attacks
- Challenges with Securing APIs against Automated Attacks
- Securing API Apps using Cequence Security
- Product demo
The Security Phoenix from the ashes of DEV-OPS
- How to build a cybersecurity programme with people at the heart
- How to do traditional security governance, and where it does and doesn’t work
- Waterfall vs agile: there is a time for everything
- How to trust developers and bring them on the journey of security transformation
- The value of design principle patterns and why they are key to going fast
- How and when to use tools (SAST/IAST/DAST) and how to aggregate the results
- Build vs fix, Half Quarter thresholds and other KPIs for evaluating code quality
- Licence to operate and how it is linked to appsec results as well as education
Principal Solutions Architect
03:30PM - Day 1
High definition visibility for cybersecurity in the cloud age
Do you know where you should be looking to expose dark data? Join this presentation to learn how you can easily obtain forensic quality data for threat detection, investigation and hunting:
- Detect malicious and suspicious behavior (e.g. breaches, exploits, etc.)
- Detect anomalous behaviour
- Identify early cyber kill chain warning signals of threats, IOCs, attacks, etc.
Dr Venkat Rayapati
Founder & CEO
03:40PM - Day 1
Disruptive Integrated Cloud Cyber Security with Cognitive & Adaptive Artificial Intelligence for Enterprise
This presentation covers Integrated Cloud Cyber Security with cognitive and adaptive Artificial Intelligence algorithms. Cloud cyber security is a very complex problem for the Enterprise because of simultaneous cyberattacks. No solution is available today that addresses multiple cyberattacks; each solution operates in a silo dedicated to a single threat vector. There is no integrated security solution that covers attacks at the OS, Network, and Application level to defend against external, internal, and end point threats. Cyber Forza provides disruptive multi-level, multi-layer cognitive and adaptive AI algorithms that support multi-cyberattack defense to protect enterprise cloud security. The integrated solution reduces OPEX by 35% and increases security efficiency by 50%.
Founder & CMO
04:00PM - Day 1
Cloud features: how to keep up with the competition
Day 2 - 14 November 2019
Developing security solutions Day 2: Chair’s Welcome and Opening Remarks
Senior Attorney, Division of Privacy & Identity Protection
Federal Trade Commission
10:50AM - Day 2
Panel: The role of regulations and standards for cybersecurity and privacy compliance
- What does the concept of standards really mean in the context of cybersecurity?
- Exploring corporate association vs government-based policies, such as those from NIST, Cloud Security Alliance, etc.
- Can a verticalized approach to standards work?
- What is current USA regulation in this area?
Director of Cyber Threat Intelligence Integration Center
Director of National Intelligence
11:30AM - Day 2
The Challenge of Deterrence in Cyberspace
Pursuing and defeating cyber-adversaries targeting global US interests and the private sector’s role in helping with deterrence in cyberspace.
Keynote: Building a Robust Ethical Hacking Team
- Develop a Threat Model for your entire enterprise
- Build appropriate verticals and teams (Invest in Sr. talent who find vulnerabilities before the industry)
- Employ Automation for PenTesting (known & repeatable tests so your team can do the cool work/research)
- Develop a dashboard with risks for Executive (not technical teams)
CEO & Co-founder
03:30PM - Day 1
02:00PM - Day 2
Neutrality and Intent in Secure Communication
- The risk in smartphones
- Threat posed by tech giants and nation state actors
- ARMA G1 Secure Communicator
02:10PM - Day 2
Taking Responsibility for IoT Security – The Shifting Burden
IoT devices are the new favorite entry point for hackers trying to penetrate home, enterprise or industrial networks. For years, manufacturers of IoT devices have benefited from a classic case of a social cost inequity, as consumers, targeted companies and society at large have had to bear the major costs of preventing and responding to cyber breaches.
However, this almost free ride for manufacturers is likely coming to an end, with new regulations and ambitious hackers hijacking devices by the thousands at once putting the spotlight and pressure on manufacturers to start feeling the consequences of cyber attacks using their devices. We’ll take a look at how this trend compares to a more familiar example from the auto industry where manufacturers had to start taking more responsibility and take action to protect customers and society at large.
Executive Director, Cyber Security & Investigations
12:30PM - Day 2
02:20PM - Day 2
Global Director for Threat Intelligence
02:20PM - Day 2
Panel: Role of ethical hacking and penetration testing
- What role can white and grey hat hackers play in developing secure systems?
- Discussing the challenges and opportunities in this field
- Real-life examples from enterprise of how pen testing and ethical hackers are improving their organisations’ cyber security.