AGM 2021
4th November 2021
10:00 - 17:15
Online event
The agenda, the recorded session and slides
Anthi likes getting things done right. She is currently a CISO at Akeero – a position she aspired towards during her many years slumming it as a penetration tester and appsec engineer at places like Bank of Ireland, Logitech and Forcepoint. The only thing she hoards more than certifications is conference swag. She fights over couch space with her three dogs, has an odd quirk about raccoons, and is easily bribed with cake.
Key takeaways:
A helpful method for information security managers to prioritise their activities
An understanding of how automated threat modelling for cloud-native organisations can decrease the risk of a breach by 90%
A reminder to engage with the security professionals and communities around us
Delivering business value through robust, scalable, fit-for-purpose security. Abhishek establishes new ways of working that help the business to innovate, challenging the status quo to help remove inertia, provide better outcomes and reduce security risk for the business, and creating a strong security foundation.
Key takeaways:
Understanding GCP is quite different from other Cloud platforms
Easier to teach developers security than the other way around
11:45 - 12:00 Cloud Security Enablement Program by CSA UK
Synopsis:
Kriti Mohun will brief you on exciting news from the CSA UK: "Starting November 9th 2021, we are starting the Cloud Security Enablement program in the UK. This program is built to enable both new joiners in the cyber security industry and seasoned professionals. This training series is aimed at helping to skill up, increase the level of confidence by having hands-on practice on different security tools, and also explore different aspects of security. The program will run sessions for both beginners and professionals with multiple years in the industry. All announcements will be done on the CSA circle site."
Lee has been working to help organisations deliver resilient, reliable and safe information services since 1998. He has over 20 years' diverse experience working across the financial services sector, the FTSE350 and Government, via employment with two of the Big Four advisory firms as well as two stints at Capgemini.
Key takeaways:
Zero trust report findings
Research updates from CSA UK and Global
12:30 - 13:00 "The Cloud Native Adversary"
Raj Samani is a computer security expert working as the Chief Scientist and McAfee Fellow for cybersecurity firm McAfee. Raj has assisted multiple law enforcement agencies in cybercrime cases, and is special advisor to the European Cybercrime Centre (EC3) in The Hague. Raj has been recognised for his contribution to the computer security industry through numerous awards, including the Infosecurity Europe Hall of Fame, the Peter Szor Award and the Intel Achievement Award, among others. Raj is also the co-author of the book 'Applied Cyber Security and the Smart Grid' and the CSA Guide to Cloud Computing, as well as technical editor for numerous other publications.
Synopsis:
Analysis into the MO of threat actors making the headlines, and demonstrative examples of their cloud knowledge designed to cause maximum disruption.
13:00 - 13:45 Lunch talk: "Certifications: What do hiring managers really want?"
A proven consultative and successful recruiter passionate about assisting security leaders and security practitioners alike meet their career and business goals. Demonstrated history of staffing high profile regulatory and commercial driven Cyber Security and Technology Risk programmes globally.
Key takeaways:
Prepare yourselves for the next role
Ace the interview
Still deeply fascinated by business strategies and technology after so many years, Vladimir created the much respected cyber security company, Foresight Cyber security: his passion for designing, building, and implementing secure architectures continually drives him. This is evidenced by the assurance he and his team provide to a wide range of international clients right across the business, technology and cyber security sectors. Planning and presenting at conferences and writing numerous cyber security articles are Vladimir's way of “paying back”.
Key takeaways:
Review of past events
Driving members to share their experiences and knowledge
14:00 – 14:45 Diversity in Cyber Panel / Respect in cyber
Panelists:
The panel will address questions: "Are we doing enough to attract diverse talent in industry? What changes would you like to see in the industry?"
14:45 - 15:15 “What if our models of risk are insufficient? Risk modelling in a dynamic environment”
With 18+ years of experience and with roles spanning penetration testing, operations, engineering, product management and Governance, Risk Management and Compliance, Mario is known for his strategic thinking and pragmatic approaches, often bridging the communication gap between technical and governance professionals to enable real collaboration. Speaker on learning from safety science, resilience engineering and managing in complexity.
Key takeaways:
Risk emerges in the interactions between people and technology, not necessarily on linear-causality models which are highly popular
Drifts into failure and the erosion of controls over time make security leaders unaware of emergent risks until they materialise
Taking a functional abstraction approach to assessing risk in context allows for direction of security programmes that deliver better insights into how risky our operations are
Executive, Public Speaker, out-of-the-box thinker. As an executive, I love to stay close to the technology but to keep it simple. He is a data- and result-driven Cyber Security Executive/vCISO highly regarded for planning and executing strategic infosec improvement programs that protect data and technical assets, reduce security risks, and align with long-term organisational goals.
Key takeaways:
Use patterns to improve cloud security
CSA creates relevant and applicable content to help with cloud security
15:45 – 16:15 "Churchill, Cloud Security, and You: 5 Vintage Principles for Modern Security"
Ben is a recognised thought leader in Microsoft's global security community, and is passionate about cultural transformation, strategy, and sustainability, in addition to the transformational role of technology. Before joining Microsoft he led the Cyber and InfoSec practice for a renowned management consultancy on the US east coast, and has extensive experience at the most senior levels in Tier 1/globally systemic banks, critical national infrastructure, pharmaceutical OT, and many other highly sensitive security environments. He is a recognised expert in a broad range of security and cloud technologies, security architecture, and regulatory frameworks, and a frequent public speaker and writer on these subjects.
Key takeaways:
Collision of Cultures
Form and Function
Old Problems, New Priorities
When, Not If
Sustainably Resilient
16:15 – 16:45 "Full IT outsourcing - Key learnings from large-scale Cloud adoption"
Serdar is a senior cyber security professional with a proven track record with the Big 4, IBM and Visa in Partner and Executive roles. He has over 20 years’ experience in helping global firms in managing cyber security risks and transforming to stay ahead of the curve. Serdar has been the Cyber leader for Deloitte Nordic as Managing Partner and has also built cyber security practices with IBM and EY in various sizes and shapes. Prior to professional services, Serdar published two industry patents with HP Labs on Trusted Computing following the completion of his Ph.D. at Purdue University with focus on detection of corporate espionage. He is a former Fulbright scholar, an avid basketball player and a former jazz and choral rock vocalist having performed around the world.
Key takeaways:
Key learnings on how to approach large-scale Cloud migrations
Creating a value proposition for security to be an integral part of Cloud transformation
Adopting an agile approach rather than big bang
16:45 – 17:00 Board Announcement & Election, Closing & Thanks
Paul is the CEO of the Global Identity Foundation, a security analyst and consultant, and sits on the advisory board of a number of global security companies. He is the co-editor of CSA's Cloud Security Guidance version 3 and a co-founder and board member of the Jericho Forum. He is a highly rated keynote speaker for conferences and corporate events, and a noted commentator on Information Security. Paul is also a director of the Cloud Security Alliance (Europe) and sits on the advisory board of a number of leading-edge computing companies.