Earn up to 6.5 CPE credits by attending this virtual event.
The adoption of cloud-based services among the workforce has surged in the era of COVID-19, and yet the business world is struggling with a dearth of infosec professionals who are trained and specialized in cloud security. To compensate, security leaders must understand and overcome the latest cloud-based threats targeting their employees, while relying on creative recruitment and upskilling to secure the cloud talent they desperately need. Don’t get “lost in the cloud.” Attend this eSummit on October 25-26 to learn more about topics like:
- CyberRisk Alliance’s exclusive cloud security research
- Advice on recruiting, training and upskilling cloud security talent
- How to shield your workforce from today’s cloud-based phishing and ransomware scams
- Best practices for avoiding cloud misconfigurations, leaks and breaches
Tuesday, October 25 Agenda
OPENING KEYNOTE | 11:00 AM | Rewriting the security awareness training manual for the cloud era
Developing an effective security awareness program is never easy. Employees can tend to tune out key lessons if not properly motivated and engaged. And now the widespread adoption of cloud-based and hybrid IT models have added a whole new level of complexity to these lesson plans. Which leads us to the question: To what extent do CISOs and security awareness program managers need to rewrite their training manuals and cyber hygiene policies in order to factor in the latest cloud-based threats? This session will examine how security awareness programs must evolve to reflect the impact that cloud-based services have had on the way we all do business?
10 Steps to Cloud Security Success in 2022
Richard Beckett: Senior Product Marketing Manager, Sophos
With busy IT teams how do you make sure you’re making the right cloud security decisions in 2022? Join Sophos as we discuss how to operationalize your cloud security approach, adding the right security tools and expertise to help you reduce security risk, increase cloud security posture, and improve the efficiency of your security program and internal teams.
You’ll leave the session with:
• 10 clear steps to optimizing your cloud security approach
• A free cloud security and compliance health check to schedule with a Sophos expert
Walking the line: shift left security and what it means for modern app development
David Puzas: Director Product Marketing, Cloud Security, CrowdStrike
It’s no secret that the cloud-native cybersecurity threat landscape is intensifying. In a developer security survey conducted by ESG and sponsored by CrowdStrike, nearly all respondents reported that their organizations have encountered cloud security incidents and related consequences in the past year. Most respondents indicated their organizations have faced a variety of security incidents and related consequences tied to their internally developed cloud-native applications. To address these challenges many organizations are turning to a shift left approach to securing modern apps. In this session David Puzas, Director of Product Marketing, Cloud Security at CrowdStrike, will:
• Share the key findings of the ESG report, and the numbers behind them, that drive the need to incorporate security into development processes.
• Walk through the challenges IT and cybersecurity professionals are facing with faster cloud-native development lifecycles.
• Describe approaches to prioritizing the adoption of a developer-focused security strategy to secure the threat landscape.
RESEARCH SESSION | CRA Study: The Harsh Realities of Cloud Security
Bill Brenner: VP of Content Strategy, CRA
Dana Jackson: VP of Research, CRA
Security practitioners participated in a September 2022 study about their challenges, strategies, and successes with cloud security. In this session, CRA VP of Content Strategy Bill Brenner and CRA VP of Research Dana Jackson discuss the key takeaways.
Hyper-distributed users and apps – here, there, everywhere. How do you secure this?
Nada MacKinney: Product Marketing Manager, Cloud Security, Cisco
Hybrid work is transforming how your organization works. Applications are hyper-distributed across a diverse IT landscape. On shifting sands, how do you ensure security, control, and compliance?
In this webinar, learn how to put the missing pieces of your security puzzle together, and how the hybrid workforce requires a fundamentally new approach to securing workers, whether in-office or remote.
1Password’s masterclass: security theatre vs. proven security tactics
Adam Pike: Solutions Architect, 1Password
Many password myths and security policies make things less secure for everyone and harder to stay safe online. Learn how to spot and avoid security theatre.
CLOSING KEYNOTE | 2:30 PM | Shifting threat trends as the cloud industry matures
According to new research from the Cloud Security Alliance, organizations are learning to trust the reliability of cloud environments, but are pinpointing gaps in identity management and design as a key point of weakness. This session will examine the CSA’s “Pandemic Eleven” — the 11 most serious cloud-based threats as identified via a survey of its Top Threats Working Groups members. According to a recent CSA report, many of these threats involve factors like: identity and access management, cryptography, configuration management, poor coding practices and ignoring strategic cloud direction.” Learn more about these key dangers, and how recent developments in concepts such as Zero Trust, agile project management and DevOps have shifted the threat landscape.
Wednesday, October 26 Agenda
OPENING KEYNOTE | 11:00 AM | The quest for cloud security talent: Recruiting, training & upskilling
Cloud security has quickly become its own unique cyber specialization, and organizations are desperately scavenging the cyber workforce to find IT personnel with skills and expertise in this particular area. With such high demand, it’s definitely become an employee’s market, so companies are going to have to be creative and resourceful as they seek to build their rosters of cloud security talent. This session will look at strategies for recruiting, training and upskilling cloud security professionals, while highlighting the specific job attributes and cloud-based experience you should be looking for.
PAM Best Practices to Avoid Breaches
Tony Goulding: Senior Technical Marketing Director, Delinea
Organizations transforming their business require a modern PAM-as-a-Service to better defend against data breaches and ransomware attacks. In this session, we’ll look at the dynamics forcing us to revisit our privileged access security strategy, how they are impacting us, and what to look for in a modern PAM solution to help address these concerns.
Code to cloud and back to code
Anthony Seto: Field Director for Cloud Native Application Security, SNYK
Cloud and DevOps practices blur the boundary between application development and the production cloud environment. Solutions that satisfy the needs of only the development team -or- the security & operations teams, in isolation, don’t help where organizations need it the most: reducing security risk while also increasing the speed of application delivery.
In this session, we’ll share how security teams are scaling by empowering developers to create secure applications, including the use of modern cloud technologies that are used to deploy and run application workloads. We’ll show you how you can give developers a unique security feedback loop, with direct, actionable fixes, from code to cloud, back to code. By connecting observed cloud security insights with developer-driven workflows, developers can prioritize and remediate vulnerabilities faster in cloud native workflows. This results in reduced risk due to more secure cloud environments and increased developer productivity, leading to better and faster innovation.
THOUGHT LEADERSHIP PANEL | Aligning your app development team’s needs with your CISO’s cloud security needs
Kristen Bell: Director, Application Security Engineering, GuidePoint Security
Sean Heide: Technical Research Director, Cloud Security Alliance
Ashwini Siddhi: Senior Principal Product Security Advisor & Threat Modeling Service Owner, Secure Design Services, Dell EMC
Your app developers want easy, convenient access to their cloud-based workloads and the proprietary data and source code within. On the other hand, your cyber leaders need to implement a series of safeguards in order to limit unnecessary access to projects and protect assets from intellectual property theft or sabotage. This panel session will look at how to formulate a cloud-based DevSecOps strategy that strikes the right balance between efficiency and security.
Securing Cloud Workloads With Context-Rich Insights
Maristelle Bagis Hosaka: Director, Product Marketing, Fortinet
As digital transformation and cloud adoption continue to accelerate, cybercriminals are getting smarter about the ways they are able to gain access to your network. Cloud-native protection platforms that natively integrate with Cloud Service Providers’ security services can provide a comprehensive, full-stack cloud security solution for securing cloud workloads.
However, many organizations are still struggling with data overload and security teams are not able to separate through the noise to get to the core concerns that matter most. By simplifying cloud security and proactively managing cloud risk, organizations can contextualize security findings and prioritize the most critical resources with actionable insights.
Join this discussion to learn more about:
• Insights on simplifying cloud security across cloud platforms
• Ways to Increase productivity with context-rich, actionable insights
• Actionable ways to maximize the value of your security investments
CLOSING KEYNOTE | 2:00 PM | The cloud and SMBs: new opportunities, new dangers
Cloud-based services are a godsend for many small and medium-sized businesses, since they often lack the internal resources and personnel to manage all of their business functions and data storage internally. But with these new conveniences comes a dark side — as the cloud opens up new areas of risk that end-user organizations may not be adequately prepared to tackle. Making matters worse, smaller businesses may not have the internal IT/cyber expertise to detect and quell cloud-based threats or help spread awareness about proper cloud conduct. With that in mind, this session will look at cloud-based risk from an SMB perspective, offering tips on cyber hygiene best practices that businesses of any size should be able to follow.