Security Engineering and Security Leadership Event - CSA (CPE Credits Included)

Please join us to our 2023 Spring Event by Cloud Security Alliance:
Please register here- https://www.eventbrite.com/e/csa-southwest-spring-event-tickets-548017062787
Time : 8:30 am – 4:00 pm
Happy Hour – Bitters Cocktail – 4:00 – 6:00 pm
SkySong building 1
1475 N. Scottsdale Rd. Scottdale, AZ 85257
Room – 301 Ingenuity
8:30 am- 9:15am – Networking
9:15 am
CSA & ISSA Introduction
Joe Vadakkan, CSA President | Matt Clark , ISSA President
Speakers
9:45 -10:45 am
Title: Security Operations in the Cloud
How do you define Security Operations for the Cloud? Let’s have a conversation about scope of the cloud, how it’s the same and how it’s different than our traditional model including how the cloud does or does not change incident response.
11:10 am – 12:10 pm
Title: Data Protection in this Gen-Z (Zero Trust) World
Description:
“Few people would trade their every treasure in exchange for a peaceful sleepy night.”
― Sarvesh Jain
Despite all our security technologies, policies, procedures, and efforts, data breaches continue to happen regularly. It’s in the news all around us. The victims aren’t just small companies without strong security teams and budgets. They are multinational corporations, government agencies, financial institutions, military organizations, and all of us sitting here today. This discussion will dive into how the basic tenets of the Zero Trust paradigm can help us secure the data we have been entrusted to protect without burning ourselves out playing a constant game of whack-a-mole trying to keep the bad guys out.
12:10 – 12:55
Networking & Lunch sponsored by Beyond Trust – Brett Nickal
1:00 pm – 2:00 pm
A CISO Playbook: What it takes to succeed in securing the modern enterprise.
Abstract
While the number of paths to the role of CISO are numerous, the problem that presents itself once you arrive there is rather consistent. We all find ourselves wondering, how did I get here and how do I keep this job longer than the 90-day probationary period? In a job known for high turnover, how do we plan for the long run and build a truly great security team, capable of protecting an organization now and in the future? In this talk we will take a look at strategies for winning at CISO, along with how to apply them across a range of circumstances. If you are not the CISO, do not despair – these recommendations may be helpful for a range of influence levels (then later, you will be CISO somewhere if you get it right).
Mike presently serves as the Chief Information Security Officer for Grand Canyon Education, responsible for leading the security team and formulating the vision and strategy for protecting students, staff, and information assets across the enterprise. Previous experiences include serving as a threat prevention engineer for Check Point and working as a consultant and analyst for other organizations.
He is also a co-author/contributor for the joint book project, Understanding New Security Threats published by Routledge in 2019, along with multiple articles. When not working, he spends time playing video games with his kids or doing projects around the farm.
2:10 pm – 3:00 pm
Title: A primer on privacy risk for privacy and security professionals
Abtract: Insurance companies don't use traffic light analogies for setting insurance rates and neither should you. In this talk, the author of Strategic Privacy by Design will discuss the importance of quantification, the pitfalls of qualitative assessments, the growing regulatory demand for risk assessments and highlight the different focuses of privacy versus security risks.
3:10 pm – 4:00 pm
Topic:
Embedding Security in the CICD Pipeline - DevSecOps Paradigm
Description: The Continuous Integration/Continuous Delivery (CI/CD) pipeline refers to a process that software development uses to build, test, and deploy code. By automating the process it reduces the risk and time associated with releasing software. However, as pipelines operate at a higher speed, security can sometimes be overlooked leading to possible security issues. CI/CD is part of the digital transformation of moving from monolith architecture to Microservices, and from Waterfall development methodology to Agile/DevOps.
Room 365 - Demo/Labs - SBOM, IoT/OT, Security Pipelines with CRIBL, Privilege Identity with Mac's, Cloud Security