Cloud Security is complex. Users need to deal with compliance issues, configuration concerns and the convergence and management of public, private and hybrid clouds. There’s also issues around access and, identity and privacy questions to address. This summit will examine many of these issues to help you get the best out of your cloud security strategy.
Cloud Agnostic Security Posture Management (xSPM) Using Zero Trust & Shift Left Principles. Speaker - Parthasarathi Chakraborty, n/a – Associate Vice President - Head of Security Architecture, Engineering & Innovation, Humana Inc. Managing cloud security posture across application, data and configuration is a daunting task for security practitioners and adding a SaaS variable makes it even more difficult. Industry makes it even more complicated by introducing many buzzing concepts like shift left, zero trust, application/data/cloud/SaaS security posture management etc. This presentation takes a deeper dive into what are these concepts all about, how are they connected and how to ensure a security practitioner can leverage these concepts and implement an architecture that reduces alert fatigue. A reference for CISOs and security executives before making multi-cloud security posture management solution.
Lessons Learned from Building Enterprise Cloud Security Programs Speaker - Karl Ots, CISSP – Head of Cloud Security, EPAM Systems In the on-premises world, cybersecurity risks were limited to your organization's network perimeter. In the era of cloud computing, both the impact and likelihood of potential risks are significantly higher. With the corresponding rise of DevOps methodology, security is now the responsibility of everyone who are part of the application development lifecycle, not just security specialists. In this session, we will present lessons learned to build the cloud security program that makes sense for you. The session is based on real-life experiences from implementing cloud security programs in some of the largest enterprises in the world. Summary: In this session, we will present our lessons learned to build cloud security that makes sense for you. The session is based on real-life experiences from implementing cloud security programs in largest enterprises in the world.
Ransomware Resilience in the Cloud Speaker - Sonia Sotomayor, CCSP – Cyber Risk Senior Consultant, Deloitte Risk and Financial Advisory Speaker - Glenn Schneck, n/a – Cyber Risk Senior Manager, Deloitte Risk and Financial Advisory
Vulnerabilities and misconfigurations in the cloud environment are majorly exploitable areas; if overlooked by security teams, they are easy entry points for attackers. According to a report published by SecurityWeek, Ransomware scenarios will skyrocket in 2023 due to worsening global economic conditions and the impeding effects on different industries and sectors. Now, more than ever, it is vital for organizations to understand their level of readiness when it comes to Ransomware attacks. Deloitte Advisory has the in-depth experience and security expertise to help organizations reduce risk and limit their attack surface.
Scraping Corporate America and the World: An Adventure in User Enumeration Speaker - nyxgeek @trustedsec, OSCP,OSCE,AZ500 – Practice Lead, Cloud Force Team, TrustedSec Microsoft doesn't consider user enumeration to be a security issue, so it is possible to silently enumerate Azure/M365 users at corporations, educational institutions, and government entities. In the last year I scraped 20 million usernames using a small cohort of machines. 1.We will examine Azure user enumeration methods, username formats, and wordlists. 2.We will explore the data that came out of this Azure census with focus on Fortune 500 companies, large government entities and educational institutions. How widespread is Azure adoption? What organizations are the largest users? What are the most popular username formats, and do they affect scraping coverage?
How IBM's Inline Data Corruption Detection is Changing the Game for Cybersecurity- Speaker Andy Walls, IBM Fellow, CTO and Chief Architect, Flash Systems During the presentation, we will cover the strategies that organizations can take to safeguard their data. Additionally, we will highlight the new technology that IBM FlashSystem is implementing to protect businesses against ransomware attacks. We will also be discussing the various challenges that come with cybersecurity and suggest ways in which companies can minimize the damage caused by such threats.
Two Lies and a Truth: An Angsty Journey to the Cloud Speaker - Craig Olsen, CISSP – Cybersecurity Architect, Liberty Mutual Insurance As Liberty Mutual announced the go-live date for having a significant percentage of their infrastructure in the cloud, a stunned cybersecurity architect stared in disbelief. A few years and several lost follicles later, Liberty Mutual presented their automated security governance tool at the 2019 AWS re:Inforce security conference. In retrospect, Craig thought of the game "two truths and a lie," and how the opposite seemed to be true regarding the promise of the public cloud. Listen to the lessons learned and the details surrounding the development of their custom security governance tool and why the built-in tools didn't suffice.
* Please note: This is not included in the Main Conference registration and requires a separate registration.