AGM 2021

4th November 2021

10:00 - 17:15

Online event

The agenda, the recorded session and slides

10:00 - 10:30 Welcome & Chapter Overview

10:30 – 11:15 Opening keynote: "Threat Wars: The empire shifts left"

Anthi likes getting things done right. She is currently a CISO at Akeero – a position she aspired towards during her many years slumming it as a penetration tester and appsec engineer at places like Bank of Ireland, Logitech and Forcepoint. The only thing she hoards more than certifications is conference swag, she fights over couch space with her three dogs, has an odd quirk about raccoons, and is easily bribed with cake.

Key takeaways:

  • A helpful method for information security managers to prioritise their activities

  • An understanding of how automated threat modelling for cloud-native organisations can decrease the risk of a breach by 90%

  • A reminder to engage with the security professionals and communities around us

#aws #devsecops #threatmodelling

11:15 – 11:45 "Learning from the wild: Google Cloud Platform 1:1"

Delivering business value through robust, scalable, fit-for-purpose security. Abhishek establishes new ways of working that help the business to innovate. Challenging the status quo to help remove inertia, provide better outcomes and reduce security risk for the business. Creating a strong security foundation.

Key takeaways:

  • Understanding GCP is quite different from other Cloud platforms

  • Easier to teach developers security than the other way around

#gcp #devsecops

11:45 - 12:00 Cloud Security Enablement Program by CSA UK


Kriti Mohun will brief you on exciting news from the CSA UK: "Starting November 9th 2021, we are starting the Cloud Security Enablement program in the UK. This program is built to enable both new joiners in the cyber security industry and seasoned professionals. This training series is aimed at helping to skill up, increase the level of confidence by having hands-on practice on different security tools, and also explore different aspects of security. The program will run sessions for both beginners and professionals with multiple years in the industry. All announcements will be made on the CSA Circle site."

#cloud #learning #training

12:00 - 12:30 Zero Trust – Panel report and Research update

Lee has been working to help organisations to deliver resilient, reliable and safe information services since 1998. He has over 20 years' diverse experience working across the financial services sector, the FTSE350 and Government, via employment with two of the Big Four advisory firms as well as two stints at Capgemini.

Key takeaways:

  • Zero trust report findings

  • Research updates from CSA UK and Global

#csa #research #zerotrust

12:30 - 13:00 "The Cloud Native Adversary"

Raj Samani is a computer security expert working as the Chief Scientist and McAfee Fellow for cybersecurity firm McAfee. Raj has assisted multiple law enforcement agencies in cybercrime cases, and is special advisor to the European Cybercrime Centre (EC3) in The Hague. Raj has been recognised for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, Peter Szor award, Intel Achievement Award, among others. Raj is also the co-author of the book 'Applied Cyber Security and the Smart Grid', CSA Guide to Cloud Computing, as well as technical editor for numerous other publications.


Analysis into the MO of threat actors making the headlines, and demonstrative examples of their cloud knowledge designed to cause maximum disruption.

#cloud #resilience #threatactors

13:00 - 13:45 Lunch talk: "Certifications: What do hiring managers really want?"

A proven consultative and successful recruiter passionate about assisting security leaders and security practitioners alike to meet their career and business goals. Demonstrated history of staffing high-profile regulatory- and commercial-driven Cyber Security and Technology Risk programmes globally.

Key takeaways:

  • prepare yourselves for the next role

  • ace the interview

#cloud #jobsearch

13:45 – 14:00 CSA UK Past and Upcoming Events

Still deeply fascinated by business strategies and technology after so many years, Vladimir created the much respected cyber security company, Foresight Cyber security: his passion for designing, building, and implementing secure architectures continually drives him. This is evidenced by the assurance he and his team provide to a wide range of international clients right across the business, technology and cyber security sectors. Planning and presenting at conferences and writing numerous cyber security articles are Vladimir's way of “paying back”.

Key takeaways:

  • review of past events

  • driving members to share their experiences and knowledge

#cloud #community #events

14:00 – 14:45 Diversity in Cyber Panel / Respect in cyber


The panel will address questions: "Are we doing enough to attract diverse talent in industry? What changes would you like to see in the industry?"

#cyber #diversity #womenintech

14:45 - 15:15 "What if our models of risk are insufficient? Risk modelling in a dynamic environment"

With 18+ years of experience and with roles spanning penetration testing, operations, engineering, product management and Governance, Risk Management and Compliance, Mario is known for his strategic thinking, pragmatic approaches often bridging the communication gap between technical and governance professionals to enable real collaboration. Speaker on learning from safety science, resilience engineering and managing in complexity.

Key takeaways:

  • Risk emerges in the interactions between people and technology, not necessarily on linear-causality models which are highly popular

  • drifts into failure and the erosion of controls over time make security leaders unaware of emergent risks until they materialise

  • taking a functional abstraction approach to assessing risk in context allows for direction of security programmes that deliver better insights into how risky our operations are


15:15 - 15:45 "DAMN SMART Cloud Security - Pattern and cloud generation and how it can be enforced in SDLC"

Executive, Public Speaker, out-of-the-box thinker. As an executive, I love to stay close to the technology but to keep it simple. He is a data- and result-driven Cyber Security Executive/vCISO highly regarded for planning and executing strategic infosec improvement programs that protect data and technical assets, reduce security risks, and align with long-term organisational goals.

Key takeaways:

  • Use patterns to improve cloud security

  • CSA creates relevant and applicable content to help with cloud security

#cloud #research #architecture

15:45 – 16:15 "Churchill, Cloud Security, and You: 5 Vintage Principles for Modern Security"

Ben is a recognised thought leader in Microsoft's global security community, and is passionate about cultural transformation, strategy, and sustainability, in addition to the transformational role of technology. Before joining Microsoft he led the Cyber and InfoSec practice for a renowned management consultancy on the US east coast, and has extensive experience at the most senior levels in Tier 1/globally systemic banks, critical national infrastructure, pharmaceutical OT, and many other highly sensitive security environments. He is a recognised expert in a broad range of security and cloud technologies, security architecture, and regulatory frameworks, and a frequent public speaker and writer on these subjects.

Key takeaways:

  • Collision of Cultures

  • Form and Function

  • Old Problems, New Priorities

  • When, Not If

  • Sustainably Resilient


16:15 – 16:45 "Full IT outsourcing - Key learnings from large-scale Cloud adoption"

Serdar is a senior cyber security professional with a proven track record with the Big 4, IBM and Visa in Partner and Executive roles. He has over 20 years’ experience in helping global firms in managing cyber security risks and transforming to stay ahead of the curve. Serdar has been the Cyber leader for Deloitte Nordic as Managing Partner and has also built cyber security practices with IBM and EY in various sizes and shapes. Prior to professional services, Serdar published two industry patents with HP Labs on Trusted Computing following the completion of his Ph.D. at Purdue University with a focus on detection of corporate espionage. He is a former Fulbright scholar, an avid basketball player and a former jazz and choral rock vocalist, having performed around the world.

Key takeaways:

  • Key learnings on how to approach large-scale Cloud migrations

  • Creating a value proposition for security to be an integral part of Cloud transformation

  • Adopting an agile approach rather than big bang

#cloudmigrations #casestudy

16:45 – 17:00 Board Announcement & Election, Closing & Thanks

Paul is the CEO of the Global Identity Foundation, a security analyst & consultant as well as being on the advisory board of a number of global security companies. He is the co-editor of CSA's Cloud Security Guidance version 3 and a co-founder and board member of the Jericho Forum. He is a highly rated keynote speaker for conferences and corporate events, and a noted commentator on Information Security. Paul is also a director of the Cloud Security Alliance (Europe) and also sits on the advisory board of a number of leading-edge computing companies.


It was a great event! See from the screenshots