Day 1 - 13 November 2019
President of the board - CSA Silicon Valley Chapter
Cloud Security Alliance
09:30AM - Day 1
Developing security solutions: Chair’s Welcome and Opening Remarks
Senior Representative, Extreme Networks
09:50AM - Day 1
Developing an effective cloud cyber security solution
With more and more businesses using cloud services to expand and modernise their business, how can we prioritise security whilst still staying in budget? This talk will cover best practices to consider.
Cloud INSecurity – Doing your part in the Shared Security model for Cloud Computing
Moving to the cloud can be scary as you’re putting your environment in someone else’s hands. The hardest part is ensuring that the best practices you follow for your on-premise environment are changed and retrofitted to your cloud environment. The cloud provider will only go so far, and you’re responsible for securing your own systems, services and applications. This session will cover how implementing the foundational cybersecurity best practices provided by the Center for Internet Security can help provide peace of mind when moving to the cloud. Hear how the CIS Controls, CIS Benchmarks and the CIS Hardened Images help you start secure and stay secure.
Cyber security Posture – how good is your overall cybersecurity strength?
- Benefits of taking a holistic approach to cyber security, and how it improves the strength of your organisation’s cyber security
- Examining policies, procedures and control mechanisms of different hardware, software, & cloud solutions – what else needs considering?
- How to measure the other aspects of your overall security offering – including practices, processes, and human behaviour.
Director (Cloud Security) - Strategy, Architecture & Innovation
BMO Financial Group
11:50AM - Day 1
03:40PM - Day 2
11:50AM - Day 1
Panel: Sharing responsibility for cloud security
- Security in the cloud is – and always has been – a two-way street defined as the vendor being responsible for security ‘of’ the cloud – software and hardware – while the customer is responsible for security ‘in’ the cloud – data, OS, identity and access management, and so forth. So why do companies still struggle?
- Which stakeholders throughout the business and beyond have to take responsibility for cloud security, and what education and training is required?
- How do consumers fit into all this?
- Discussing effective strategies for sharing this responsibility, from Enterprise.
What happens in the cloud, doesn’t stay in the cloud
Why you should re-think who has access to what, from where, and what they can do with it.
Director of Enterprise Security
12:30PM - Day 2
12:50PM - Day 1
How to Achieve Network Security ZEN
Finding a balance between a pleasant user experience and stringent security requirements can be a challenge, but Adobe’s Zero-Trust Enterprise Network (or ZEN) initiative is intended to accomplish that. In this session, we will cover:
- The guiding principles behind ZEN.
- How you can leverage existing security technology investments and targeted automation technologies to develop your own ZEN framework.
- Common issues you might encounter along your journey with guidance on overcoming those issues.
VP Product Management
03:40PM - Day 1
02:30PM - Day 1
Deep Dive: Protecting API-Based Applications From Automated Bot Attacks
- Why Public Facing API Applications Pose a Security Risk and Why It Matters
- Anatomy of Automated API Bot Attacks
- Challenges with Securing APIs against Automated Attacks
- Securing API Apps using Cequence Security
- Product demo
Security Architect: slayer of dragons, defender of realms & protector of cybersecurity automation
The talk will take the audience on a journey from the origin of security architecture, through the challenge of cloud security, to the role of an architect in the dev-sec-ops world. It explains the difference between traditional command-and-control governance and how to avoid starving automation and innovation with traditional security governance. We will look at the modern SDLC and what should be deployed, step by step, in each stage.
Training and education for staff – the first line of defence
Protecting against the human factor is still one of the most dangerous parts of securing a business. What are the dangers of uninformed employees and how can you ensure your training policy is up to scratch?
Day 2 - 14 November 2019
Developing security solutions Day 2: Chair’s Welcome and Opening Remarks
Senior Representative, Konica Minolta
Konica Minolta Business Solutions
10:20AM - Day 2
Increased governance with managed security services
To follow soon…
Senior Attorney, Division of Privacy & Identity Protection
Federal Trade Commission
10:50AM - Day 2
10:50AM - Day 2
Panel: The role of regulations and standards for cybersecurity and privacy compliance
- What does the concept of standards really mean in the context of cybersecurity?
- Exploring corporate association vs government-based policies, such as those from NIST, Cloud Security Alliance etc.
- Can a verticalized approach to standards work?
- What is current USA regulation in this area?
Director of Cyber Threat Intelligence Integration Center
Director of National Intelligence
11:30AM - Day 2
The Challenge of Deterrence in Cyberspace
Pursuing and defeating cyber-adversaries targeting global US interests and the private sector’s role in helping with deterrence in cyberspace.
Afternoon Keynote: Threat detection and response techniques – What you need to know
- Proactive threat detection
- Combining human and technical elements
- How security, network and endpoint threat detection software is being deployed and what results we are seeing
- Real life examples of threat detection in action
Co-Founder & Board Member
03:30PM - Day 1
02:00PM - Day 2
Neutrality and Intent in Secure Communication
- The risk in smartphones
- Threat posed by tech giants and nation state actors
- ARMA G1 Secure Communicator
02:10PM - Day 2
Cybersecurity for the IoT: Firedome Case Study
To follow soon…
Panel: Role of ethical hacking and penetration testing
- What role can white and grey hat hackers play in developing secure systems?
- Discussing the challenges and opportunities in this field
- Real life examples from enterprise of how pen testing and ethical hackers are improving their organisations’ cyber security.
Building a Robust Ethical Hacking Team
- Develop a Threat Model for your entire enterprise
- Build appropriate verticals and teams (invest in Sr. talent who find vulnerabilities before the industry does)
- Employ automation for pen testing (known & repeatable tests so your team can do the cool work/research)
- Develop a dashboard with risks for executives (not technical teams)