Cloud Security Conference

Fire Side Chat: Clear the Clouds: Threats and Risk Mitigation on Cloud Computing

Presenters: Jose Torres (ACFE DC, Guidehouse), Prem Mishra, and David Hinchman (GAO)

Learning Objectives for this session:

• Recognize challenges organizations face in implementing cloud security practices and recommendations to remediate their risks 
• Understand leading practices and standards for effective and efficient cloud security. 
• Learn the importance of people, process, and technology in having a secure cloud environment.

Continuous Compliance (cATO) with ML and OSCAL

Presenter: Valinder Mangat (DRTConfidence)

Achieving continuous compliance (cATO) requires integration with development teams, security teams, security tools, authorizing officials, and DevOps platforms. A ‘common data fabric’ is necessary to enable standardized information exchange and automate analysis. OSCAL is the data fabric that allows for standardized data exchange across all security operations and sets the foundation for achieving a continuous compliance posture. Learn how security teams can transition to a robust cATO compliance framework.

Protecting Your Apps: API Security from Development to Deployment

Presenter: Dan Barahona (APIsec University)

APIs are critical in modern applications but are increasingly targeted by cyberattacks. We will explore the key vulnerabilities, including authorization, authentication, data exposure and business logic flaws – providing practical techniques to mitigate these risks. Attendees will learn the importance and approaches to shift-left API security with continuous, comprehensive and automated testing.

Through real-world case studies, the session highlights the impact of API breaches and offers preventive measures. We will discuss secure deployment strategies, continuous monitoring, and ensuring compliance with regulations like GDPR and PCI DSS. This presentation delivers actionable insights for developers to fortify their APIs against evolving threats, ensuring robust security from development to deployment.

Five Key Cloud Security Trends and Tips

Presenter: Frank Kim (SANS)

Learn about the top five trends that are shaping cloud security adoption: identity, architecture, automation, assessment, and detection. Hear about high profile cloud security breaches and walk away with tips and techniques for responding to these trends including free and open source tools as well as cloud provider specific services you can use to build your security capabilities.

Jose Torres
President @ Washington Metro Association of Certified Fraud Examiners
Associate Director @ Guidehouse’s Financial Services practice

Jose Torres is the President of the Washington Metro Association of Certified Fraud Examiners and an Associate Director at Guidehouse’s Financial Services practice. He serves organizations in optimizing their governance, information security strategy, risk management, internal control programs, and financial reporting and compliance. Jose is a Certified Public Accountant, Certified Fraud Examiner, and Certified Information Systems Auditor.

Prem Mishra

Experienced technology and security audit leader with more than 20 years of professional experience providing technology and security assurance services in the financial and telecom industries. Extensive experience in risk management and governance, IT auditing, cybersecurity, emerging technology, including cloud and AI governance, and policy development. Possesses a proven track record of successfully leading large, diverse teams that deliver high value-added audit results for senior management and the Board.

David Hinchman
Director, Information Technology and Cybersecurity @ GAO

Dave is a Director in GAO’s Information Technology and Cybersecurity team. He oversees audits on critical infrastructure protection, the IT and cybersecurity workforce, cloud computing, and the IRS’s IT modernization efforts.

Dave joined GAO in July 2002. He has led numerous reviews of federal data center optimization and cloud computing, and was responsible for GAO’s work on the High-Risk area of Improving the Management of IT Acquisitions and Operations. Prior to joining GAO, Dave worked as a business consultant for several private sector firms (including PricewaterhouseCoopers), and served as a Surface Warfare Officer in the United States Navy.

Dave earned a master’s degree in business administration from the University of Arizona. Dave earned a bachelor’s degree in anthropology from Vassar College.

Dave works in GAO’s Dallas Field Office.

Valinder Mangat
Chief Innovation Officer @ DRTConfidence

Valinder Mangat is the Chief Innovation Officer (CIO) at DRTConfidence Inc., a contributor to the Open Security Controls Assessment Language (OSCAL) standard, and an avid technologist. As a 30-year Information Technology veteran for various Government Agencies and Fortune 100 clients, Valinder brings diverse experience in implementing complex enterprise systems and shares a unique perspective in preparing organizations for OSCAL adoption.

Dan Barahona
Co-founder @ APIsec University

Dan is the co-founder of APIsec Universtiy, a free API security training site that quickly gained over 50,000 students. He’s also the Head of Growth at APIsec, an API security testing company, and was formerly CMO and EVP Sales at Qualys, CMO at Anomali, and VP Business Development at ArcSight/MicroFocus. Dan was born and raised in Washington, DC started his career in the automotive industry as a Crashworthiness Engineer before pivoting to cybersecurity for the last 20 years.

Frank Kim
Fellow @ SANS Institute

Frank Kim is a SANS Fellow where he leads the Cloud Security and Cybersecurity Leadership curricula to help shape and develop the next generation of security leaders. Previously, he served as the organization’s CISO where he led the information risk function for the most trusted source of cybersecurity training and certification in the world.

He was also the CISO-in-Residence at YL Ventures where he supported cybersecurity entrepreneurs with ideation and market research, conducted due diligence for potential investments, and engaged in go-to-market activities of the firm’s portfolio companies.

Frank continues to serve as an advisor to numerous security startups and authors and teaches courses on CISO leadership, strategic planning, DevSecOps, and cloud security. Frank is the author and instructor of LDR512: Security Leadership Essentials for Managers, LDR514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevSecOps Automation.