While cloud technology is mature, and already a permanent fixture in today’s IT environments, security strategies must continue to adapt to address ever-changing governance policies, evolving mobile risks, the growth of Big Data and increasingly sophisticated threats. Whether your current cloud setup is on or off-premise, security needs to be a top consideration, even if your existing tools and tactics seem to be working for the time being.
This conference will cover the risks and standards that relate to cloud technology, mobility and big data, and best practices to meet the challenges of today's modern IT environments that impact us as IT auditors and IT security professionals.
The Evolving World of Risk
The very best organizations out there are taking charge of their information security programs – and are winning! How? They are taking the idea of not letting anything bad come in or good leak out to new heights. By focusing their time and attention on the areas of greatest risk (users and the Internet itself), they are able to exponentially reduce their numbers of events and incidents. This equates to more time to conquer additional areas of concern, which of course drives even more success. In this session, you will hear from a Fortune 10 security leader who will provide a real-world view into what changes are shaping our future, from architectures to cybersecurity job discipline and pretty much everything in between.
What's Leaking Out of Your Cloud?
Assuming your data is encrypted, it is still possible to exploit certain vulnerabilities with adjacent and corresponding establishing details from your cloud presence. Open Source Intelligence (OSINT) Expert Kirby Plessas will demonstrate what an adversary may pull from the cloud that many users do not know is publicly available. Sometimes, items are not encrypted at all, leaving your holdings wide open like a leaking bucket of data. Some cloud computing vendors promote the idea that they have the latest, most sophisticated data security systems possible. The average small business may not be able to afford implementing high-level security on its own servers and stands to benefit from improved security through reputable cloud vendors. Ms. Plessas will demonstrate the risks of not setting up your cloud presence correctly.
A panel of cloud experts will allow our audience to pose questions and will discuss the following:
Emerging Technologies and Standards: Application Containers, Microservices and a new Standard of Standards
Containers such as Docker and CoreOS Rkt deliver incredible capabilities to developers and operators and are powering the DevOps revolution in application development and deployment. Docker in particular has taken the industry by storm, resulting in over 8 billion downloads and 500,000+ containerized applications in this open source platform. Furthermore, IT professionals face a variety of security standards that they must meet simultaneously. Come learn how application containers and microservices work via the definition published in the NIST publication SP 800-180, understand the security challenges of leveraging this new approach, and learn best practices to address the same as documented in future NIST & CSA publications. This talk will also discuss a new NIST project to standardize control, implementation and assessment information using an open, machine-readable format.
Who should attend?
Kevin Peterson is the director of security and network transformation at Zscaler, where he primarily works with the largest cloud security deployments to ensure that the desired outcomes are achieved. He brings with him the advantage of having led the security efforts for one of McKesson's (Fortune 10) major business units (75 software products, managed services...), as well as the company-wide cloud security strategy, ranging from A to Z (Azure to Zscaler!). As a top practitioner and trusted advisor on both enterprise and cloud security topics, his goal is helping everyone achieve the most effective security with the lowest cost to the business.
Kirby Plessas is founder and CEO of Plessas Experts Network, Inc. (PEN), an Open Source Intelligence (OSINT) internet technology and information extraction company specializing in training, researching, and consulting to meet the unique needs of diverse government and private-sector organizations.
Before devoting her work full time to Plessas Experts Network, Inc., Kirby established herself as one of the foremost tradecraft experts in OSINT through successful careers both as a member of the U.S. Military and as a Government Contractor prior to founding PEN in 2008. A service-disabled veteran, Kirby began her career in Military Intelligence as an Arabic linguist supporting the Department of Defense. Upon completion of her Army service, Ms. Plessas complemented her military intelligence expertise by utilizing her OSINT experience at the Defense Intelligence Agency to support the warfighter as well as supporting other Intelligence Community activities. Acknowledged as an expert in her field, in 2007 she was selected to participate in, and was instrumental in, the creation and institution of an innovation center for conducting Open Source Intelligence (OSINT). In great tribute to her long list of personal and corporate accomplishments in her field, the Department of Homeland Security declared Kirby Plessas an OSINT Technical Expert (2010).
Through her work at PEN, Kirby shares her love of innovative technology and OSINT expert skill through presenting at conferences and corporate workshops as well as consulting and delivering hands-on training courses both within the United States and internationally. Although she maintains a diverse customer portfolio, one of Kirby's main business lines of effort is focused on law enforcement and the internet, where there is substantial interest in safe and investigative uses of social media. Ms. Plessas has additionally taught numerous social media classes for the U.S. Department of Justice and conferences including SXSW Interactive, the High Technology Crime Investigation Association and the International Conference on Transnational Organized Crime.
Anil Karmel is the co-founder and CEO of C2 Labs, a company that partners with organizations on their journey, from designing and implementing IT Strategic Plans to allow IT to take back control leveraging our forward-leaning products and services to a deep specialization in Application Rationalization and Transformation (ART), leveraging Secure Development Operations (DevSecOps), cutting edge application architecture methodologies and a secure application container management platform in C2’s Intermodal Operations Navigator (ION). Formerly, Anil served as the National Nuclear Security Administration's (NNSA) Deputy Chief Technology Officer. Within NNSA, Karmel served as the RightPath Chief Architect and Management and Operations (M&O) Implementation Lead for a range of enterprise information technology (IT) solutions including cloud computing, enterprise mobility, unified communications and enterprise wireless.
Karmel has been in the IT Industry for over fifteen years, working with various Fortune 500 companies and government in the areas of cloud, cybersecurity and collaboration. He and his team garnered industry and government accolades, including the SANS National Cyber Security Innovators Award for Cloud Security, InformationWeek 500 Top Government IT Innovators, ACT/IAC Excellence.gov Award and the DOE Secretary's Achievement Award. His team at Los Alamos National Laboratory was named an ACT/IAC Excellence.gov Finalist two years running. Karmel is an internationally recognized speaker and has been featured at numerous IT conferences and webinars.
Anil serves as the co-chair of the National Institute of Standards and Technology (NIST) Cloud Security Working Group, currently leading the security working group to document best practices for application container and microservices security. He authored the NIST Definition of Application Containers and Microservices, SP 800-180, and co-chairs the Cloud Security Alliance’s (CSA) Application Container and Microservices Working Group documenting best practices for application containers and microservices.
Avinash Saraswat is a Senior Manager in the Financial Services – Digital Practice of Ernst & Young LLP within the Cloud Platforms group. Avinash focuses on cloud risk and security aspects of cloud transformation supporting clients in complex IT and cloud transformation programs. Avinash has over 10 years of experience helping clients across IT infrastructure and operations, identity and access management, IT service management and IT risk management and System Implementations disciplines. Avinash is a graduate of Georgia State University and holds a Master’s degree in Information Systems. Avinash has Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC) and ITIL v3 foundation certifications.
Manuel Masri is a Senior Manager in the Financial Services – Digital Practice of Ernst & Young LLP leading the cloud transformation practice with an amazing team and supporting clients in their strategy for cloud, migration to a hybrid or fully cloud platform, or in their cloud architecture. Manuel has more than 10 years of experience in cloud strategy, cloud cost analysis, IT strategy, application and tools rationalization, infrastructure divestitures and stand ups, infrastructure assessments, IT service management process improvement, network design/assessment and deployments, data center migration and other areas.
Diego Lapiduz is the Chief Information Security Architect for Azure Government where he is working to help the government consume cloud services and speed up innovation. Before Microsoft, he worked at the United States government building a platform (cloud.gov) to allow faster and easier government compliance without sacrificing developer experience. Earlier in his career, Diego worked on projects ranging from ecommerce to social networks. You can find him on social media and GitHub at @dlapiduz.
ISACA Members from Other Chapters: You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.
Conference presentations are posted to the Presentations Library when permission is received from the presenter and their organization. In some cases, permission is not received.
Earn up to 7 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day to receive full CPE credit.