The GWDC is proud to partner with the DC Chapter of the Cloud Security Alliance to host its annual cloud conference, Cloud Security 2023. This virtual conference is part of our monthly conference series.
Cloud security and enablement professionals, IT advisory or audit professionals, business executives, cybersecurity professionals, students or professionals interested in learning more about cloud security should attend this conference.
Registration closes on September 27, 2023 @ 12pm.
The GWDC is proud to have the DC Chapter of the Cloud Security Alliance as a partner for this event. For more information on the CSA DC Chapter, please visit their website at https://cloudsecurityalliance-dc.org/home.
08:30 AM – 09:30 AM
Who’s Vulnerable in YOUR IT Supply Chain?
Presenter: David Barnscome (Microsoft)
“Compromise one to compromise many.” More and more frequently, nation-state attackers leverage the trusted relationships in an organization’s IT supply chain to achieve compromise of downstream targets. How can you take steps to protect against this type of activity?
In this discussion, we’ll look at some interesting examples of how supply chain compromise has been achieved, and what it eventually led to. More importantly, we’ll talk about how you can assess your IT suppliers so that you can have confidence that they are taking the right steps to protect your organization’s data estate.
09:30 AM – 10:30 AM
Threat Intelligence Integration
George Alves discusses how being “threat informed” is critical in the execution of your Zero Trust capabilities and activities, whether on-prem or in the cloud. From the Zero Trust Capability Roadmap: this capability requires integration of threat intelligence information and streams about identities, motivations, characteristics, as well as tactics, techniques, and procedures (TTPs). This capability will help Cyber Defenders be more proactive rather than reactive.
10:30 AM – 11:30 AM
Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™): An Emerging Threat Matrix for Industry Collaboration
Presenter: Dr. Mari J. Spina (CSA DC Chapter and MITRE)
Cloud security practitioners agree there’s a need for comprehensive threat-informed security guidance to address system assessment, secure design, cyber analytics, and threat mitigation. Due to the rapid development of cloud technologies and service offerings, it is also necessary to develop a forward-looking adversary perspective that identifies emerging cloud service risks along with detailed detections and mitigations for practitioners to implement. The Cloud Security Alliance (CSA) and the MITRE Corporation have established the Cloud Adversarial Vectors, Exploits, and Threats (CAVEaT™) collaboration to bring relevant content to the cloud security practitioner. This research explores today’s available frameworks with relevance to cloud systems and proposes a course of action to advance the state of the art in threat-informed security by collaborating with cloud service providers (CSPs), international security researchers, and key subject matter experts.
11:30 AM – 12:30 PM
Continuous Compliance – Security Assessments the Cloud-Native Way
Presenter: Michael Wasielewski (Capgemini)
Security assessments for cloud environments have evolved, and continue to evolve, at a dramatic rate. Just a few years ago, security standards for cloud environments were difficult to understand and even more difficult to audit against. Since then, cloud service providers and their partners have built tools to simplify auditability for their customers and auditors alike, but the pace of change in and of modern cloud environments still vexes many traditional assessment practices. In this talk, we’ll cover how the next generation of audit tools is adopting a continuous compliance approach for evaluating cloud environments in near-real time, and how to think differently about what artifacts can demonstrate real risk management as opposed to point-in-time theater. By the end of the session, you’ll better understand how to approach security assessments for modern cloud environments.
David is a Global Partner Solutions Architect for Security, Compliance, and Identity at Microsoft. In this role, David is responsible for training and supporting Microsoft partners on the latest security, compliance, and identity solutions, including Microsoft 365, Azure and Windows.
George Alves has over 35 years of DOD and Acquisition experience. Currently he is a Defense Acquisition University (DAU) Cybersecurity Professor. He holds a Master of Science in Cybersecurity along with various professional certifications such as CISSP and CEH. Before coming to DAU, he served as the Information Systems Security Manager (ISSM) at the Office of the Comptroller of the Currency under the Department of Treasury, overseeing IT/Cyber acquisitions and compliance throughout several platforms, including public and private cloud environments. He is a former Navy Civilian of 10 years, including service as the Deputy CIO for Cybersecurity at Naval Sea Systems Command HQ in Washington Navy Yard, DC. There he oversaw the entire NAVSEA enterprise, comprised of over 2000 operational, developmental, and RDT&E networks, systems, and applications both on-premise and in cloud environments. He had a team of almost 40 civilians and contractors, including the first NAVSEA Cyber Scientific & Technical Intelligence Liaison Officer (STILO), a position he created to integrate intelligence within Cybersecurity. He also spent two years as an Army civilian supporting the Program Manager of DOD Biometrics as the Cybersecurity Lead under the Program Executive Office Intelligence Electronic Warfare and Sensors (PEO IEW&S). There he was involved in the early stages of acquisition, supporting the design, engineering, deployment, and sustainment of enterprise biometric solutions in multiple operating environments, enabling identity dominance on the battlefield and across the Department of Defense, including migrating tactical systems into the cloud. He is also a proud veteran, retiring after 20 years of Navy active-duty service.
Some of his assignments include serving as the Automated Data Processing Division Officer onboard the USS NASSAU, and as a Computer Network Defense Leading Chief Petty Officer within Joint Forces Command, where he stood up a Global Command, Control, Communications, Computers, and Intelligence (C4I) Coordination Center after the 9/11 attack.
Dr. Mari J. Spina is the Cloud Security Alliance-DC Chapter Research Committee Chair. In this capacity, she has been leading the charge to develop critical research to advance the state of practice in cloud security for highly regulated industries represented by the CSA-DC Chapter membership. Dr. Spina is also a Principal Cybersecurity Engineer at the MITRE Corp. supporting a multitude of MITRE Federal sponsors including DoD and the IC in the area of Cloud Security. At MITRE, she leads the Cloud Security Capability Area and teaches Cloud Security for the MITRE Institute. She has taught many Information Technology courses for the George Washington University schools of engineering and business. Before joining MITRE, she worked for government engineering firms including Hughes Aircraft, SAIC, ManTech, NJVC, and DMI since 1988, where she provided IT systems engineering to a variety of Federal agency missions including those of the Intelligence Community and the DoD. Mari holds a D.Sc. in Engineering Management from the George Washington University, an MSEE from the University of Southern California, and a BSME from California State University Northridge. She is also PMI PMP and ISC2 CISSP, ISSEP, CCSP certified.
Michael moved from outside of Washington, D.C., in the US to Paris, joining Capgemini in December of 2021. Responsible for global cloud security and next-gen secure architecture portfolio development, Michael brings a robust background ranging from Network Operations and Engineering, to running global Information Security teams and modernizing enterprises through their cloud and workplace journeys, to executing as a global Cloud Security specialist. When not playing video games with his two kids or struggling to learn French, Michael wishes he could play more golf or do some more skydiving.
Virtual Meeting Information
- This event will be presented through Zoom.
- Prior to the event, participants must install the Zoom app on their respective devices or use the web-based Zoom. Participants who call in by phone may not be entitled to CPE credits.
- Participants must respond to all the poll questions via the Zoom polling feature or chat log in order to receive NASBA CPE credits.
- The ISACA Greater Washington, D.C. Chapter will not be responsible for the participant’s inability to respond to the polls.
Event Questions and Policies
If you have any registration questions about this event, please contact the chapter using the Registration Contact Form.
If you have CPE questions after the event has concluded, please contact the chapter using the CPE Contact Form.
Cancellation and Refund Policy
Cancellation and refund for advance registrations is allowed if cancellations are submitted through the registration system. Refunds vary depending on the date of cancellation. See ISACA GWDC Event Policies for details.
If ISACA GWDC cancels the event, all registrants will be notified as soon as possible through email at the email address provided during registration. Full refunds will be provided.
The GWDC welcomes your comments, complaints, suggestions, questions, and other feedback concerning our website information and services. All complaints should be submitted through the Registration Contact Form.
Earn up to 4 Continuing Professional Education (CPE) credits in the area of Information Technology. The ISACA® Greater Washington, D.C. Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.NASBARegistry.org
CPE Distribution and Evaluation Survey
CPEs will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present for the full event to receive full CPE credit.
After attending this event, attendees will learn about recent topics in the Cloud Security space.
- Prerequisites: None
- Advance Preparation: None
- Program Knowledge Level: Basic
- Delivery Method: Group Internet Based
- Field of Study: Information Technology – Technical