11:30 lunch and networking
11:45 news and notes
12:00 featured speaker Keith McCanless
According to OWASP Top 10, Sensitive Data Exposure "has been the most common impactful attack." A key prevention measure is to "classify data processed, stored, or transmitted by and application." Applications collect data in many ways that make data classification difficult - chat, cameras, comments, logs, etc. Adding data classification to the data storage pipeline allows for more control.
Google Cloud Platform's (GCP) Data Loss Prevention (DLP) API can be a valuable tool in a data pipeline. DLP API classifies and can potentially redact many types of data, including Global Data Types plus unique types from 35 countries. Then results can be queried with SQL and exported via reports.
Keith McCanless has an extensive history of developing secure desktop, web, and mobile applications. Early in his career, while primarily a software developer and architect, he was driven by his interest in security to discover a critical Firefox zero-day shell vulnerability. As his career developed, his interest in security increased and he began working to insert security at every step of the software development lifecycle. This led to his early adoption of SecDevOps principles within his web and mobile product teams. As his current employer, Command Alkon, began to move their data to the cloud, Keith as chosen as Director of Security based on his security track record of developing, maintaining, and securing products in the cloud.