The third annual Cloud Security Alliance (CSA) Summit was held on October 17, 2016 at the MTCC as part of the SecTor pre-conference sessions and training day.
Brought to Toronto by SecTor and sponsored by a host of industry organizations, this year’s the 2016 summit provided an invaluable opportunity for cloud security professionals to network with peers and engage with and learn from industry leaders.
Built on a training platform like the SecTor conference, the 2016 CSA Summit featured keynote speakers, panel discussions, sponsored sessions and a networking lunch.
The aim of the Summit is to raise awareness and open discussion on the latest cloud security issues facing the Canadian market and explore what services are available.
Registration: To register for the 2016 CSA Summit visit sector.ca/register and add CSA Summit to your SecTor full conference or expo only conference registration.
SecTor 2016: Conference Sessions are held on Tuesday October 18 and Wednesday October 19, 2016. A full overview of the schedule will soon be available at sector.ca/schedule.
Venue: SecTor and the CSA Summit will be held on Level 800 in the South Building of the Metro Toronto Convention Center (MTCC) in downtown Toronto for. More information on how to get there is available at sector.ca/travel.
Monday Oct 17th 2016
10:00 – 10:15
Welcome: Matthew Hoerig – President, CSA Canada
10:15 – 11:00
Keynote #1: Adam Schwartz, “Law enforcement access to cross-border data”
11:00 – 11:45
Panel #1: “Is my cloud services provider (CSP) putting me at risk? Evaluating cloud service providers and vendors”
11:45 – 12:15
CSA Update: John Yeoh
12:15 – 13:15
Lunch and networking
13:15 – 14:00
Keynote #2: Chris Pogue, “Storytelling, Really… The Oldest Profession in the World”
14:00 – 14:30
Sponsor session: Microsoft, John Hewie, “Advancing security with an Assume Breach mindset”
14:30 – 15:00
Sponsor session: Trend Micro, Dawn Smeaton, “3 Secrets to becoming a Cloud Security superhero”
15:00 – 15:15
15:15 – 16:00
Panel #2: “Debunking Cloud Security Myths”
16:00 – 16:45
Keynote #3: Alex Woda, “Cloud Security Architecture – Best Practices”
16:45 – 17:00
Who is the Cloud Security Alliance?
The Cloud Security Alliance is a global member-driven organization, chartered with promoting the use of best practices for providing security assurance within Cloud Computing. Go to cloudsecurityalliance.org to find out more.
Speakers, Sessions, Bios
See below the list of speakers and their session from 2016 CSA Summit.
Ever wondered how the flow of massive amounts of data across international borders impacts you? Have you ever considered what happens when law enforcement officials around the world seek electronic evidence that is located in other countries? In this discussion we will take you through how the current Mutual Legal Assistance Treaties (MLATs) work, what they mean to you, and the efforts underway to modernize the process. Ongoing debate about MLAT reform raises complex issues of consumer privacy and timely police access. Resolution of this debate will have significant impacts on data service providers.
Adam Schwartz – Senior Staff Attorney, Electronic Frontier Foundation (EFF)
Adam Schwartz is a Senior Staff Attorney with the EFF’s civil liberties team. Previously, he served as a Senior Staff Attorney at the ACLU of Illinois, where he worked for 19 years. His cases at the ACLU challenged the criminalization of civilian audio recording of on-duty police, abusive border detentions of Muslim and Arab citizens caused by the federal Terrorism Screening Database, AT&T’s collaboration with the NSA’s dragnet surveillance program, and public access to information about Illinois’ Statewide Terrorism and Intelligence Center. He also advocated for policy reform regarding drones and location tracking, and wrote reports about surveillance cameras and fusion centers. His other ACLU cases addressed youth prisons, police detentions of pedestrians and motorists, free speech, religious liberty, and drug testing of public housing residents.
Adam clerked for Judge Betty B. Fletcher of the U.S. Court of Appeals for the Ninth Circuit. He has a J.D. from Howard University and a B.A. in Economics from Cornell University.
Recent research suggests that few companies are moving their most critical workloads to the cloud, and the biggest blocker is the lack of understanding of risk moving to the cloud can bring. In many cases moving to the cloud can help reduce risk, but how do you quantify that, and more importantly how do you evaluate cloud providers to understand the risk landscape? In this panel session, our experts will share strategies on evaluating and reducing risk as you move to the cloud.
Alexander Rau – Senior Manager, Mandiant
Alexander Rau is a Senior Manager with Mandiant’s Canadian Security Consulting Services practice. Mr. Rau is an IT Security professional with more than 17 years of experience in cyber and IT security, operations and management. His primary responsibilities include leading and delivering incident response and proactive security engagements, practice leadership, and business development.
Prior to joining Mandiant, Mr. Rau held positions as the National IT Security Strategist for Symantec Canada as well as Sr. IT Security Consulting and Service Delivery Management roles with IBM. He led security teams focused on vulnerability assessment, penetration testing, web application security, and IT Security standard and framework compliance (ISO 27000 series and PCI). He was also the Manager of IT for a small manufacturing company.
Mr. Rau has consulted with many large public and private sector organizations on how to address their security challenges and he holds CISSP and CISM certifications.
Since 2008, Mr. Rau has also been a part-time faculty member at Georgian College in Barrie, ON, teaching computer and network systems security. Combining his experience as Manager of IT and roles in consulting and as an IT security strategist, he is able to bring a unique perspective on how to address the ever changing security landscape and how it impacts organizations.
Chris Niggel – Director of Security and Compliance, OKTA
Chris is currently the Director of Security and Compliance at Okta, where he is responsible for corporate compliance, application assessment, and responding to customer security inquiries. Prior to Okta, Chris spent 6 years leading the adoption of Cloud Technologies at LinkedIn, helping them grow from 350 to over 6,800 employees. He started his career designing, developing, and delivering content management, system administration, and messaging solutions for customers such as Nestle, Cisco, AMD, Telus, and the US Department of Defense. He is also an active member of the Northern California ski community, where he volunteers with the Tahoe Backcountry Ski Patrol performing search & rescue, and teaching ski mountaineering & outdoor survival.
Sanjeev has 14 years of broad experience in Information Security Consulting, Cloud Security Strategy, Cloud Service Provider Strategy, IT Management consulting, Design and Architecture for Cloud Computing, Business Continuity and Disaster Recovery.
Sanjeev has Lead large scale complex engagements for Information security assessments across North America covering NIST 800-53, NIST Cyber Security Framework, Cloud Security Alliance (CSA), ISO 27000 series, ITAR, HIPAA MURA and custom Information Security Assessments for organizations of all sizes and types.
Sanjeev has designed and architected cloud solutions ranging from 2 million to 40 million for multiple medium to very large organization and cloud service providers.
Sanjeev holds Advance Diploma in Computer science with multiple certification in Information technology.
In this session John Yeoh will provide an update on the Cloud Security Alliance and their activities in Canada and across the globe.
John Yeoh – CSA Global
With over 15 years of experience in research and technology, John provides executive-level leadership, relationship management, and strategy development. He is a published author, technologist, and researcher with areas of expertise in cybersecurity, cloud computing, information security, and next generation technology (IoT, Big Data, SecaaS, Quantum). John specializes in risk management, third party assessment, GRC, data protection, incident response, and business development within multiple industry sectors, including government. His thought leadership has been presented in SC Magazine, USA today, Information Week, and others.
John’s contributions continue with involvement in professional organizations such as CSA, IAPP, ISSA, ISC2, and ISACA. John sits on numerous technology committees in government and industry with the FCC, NIST, ISO, CSA, IEEE, and CIS.
Technology is literally all around us; more so now than in any previous point in history with no signs of abating. As data sources become increasingly voluminous and diverse, being able to comprehend that enough to Tell of Story of the activities what generated that data is now exponentially more complex than it was just ten years ago. The traditional forensic approach to digital evidence is straining under this increasing volume and variety of data people generate. As a result, investigators often struggle to correlate disparate pieces of information that reveal a bigger picture. In this session, we will examine how investigators and intelligence analysts can use advanced technologies to find the hidden connections between people, objects, locations and events across all available evidence sources.
Chris Pogue – Chief Information Security Officer, Nuix
Chris Pogue is the Chief Information Security Officer, Nuix, and a member of the US Secret Service Electronic Crimes Task Force.
Chris is responsible for the company’s security services organization; he oversees critical investigations and contracts, and key markets throughout the United States. His team focuses on incident response, breach preparedness, penetration testing, and malware reverse engineering.
Over his career, Chris has led multiple professional security services organizations and corporate security initiatives to investigate thousands of security breaches worldwide. His extensive experience is drawn from careers as a cybercrimes investigator, ethical hacker, military officer, and law enforcement and military instructor.
In 2010, Chris was named a SANS Thought Leader.
Chris served in the United States Army as a Signal Corps Warrant Officer and Field Artillery Sergeant. He distinguished himself as an honor graduate from a variety of army academies and schools and received multiple awards and commendations for excellence.
Security prevention strategies and technologies cannot guarantee safety from every attack. Given today’s threat landscape, it is vital to acknowledge that a breach has either already occurred or that it’s only a matter of time until it will. Operating with this assumption will reshape detection and response strategies in a way that pushes the limits of any organization’s infrastructure, people, processes, and technologies. This talk will expand on these concepts with Microsoft’s experience operating the world’s largest cloud services.
John Hewie – National Security Officer, Microsoft
John Hewie is National Security Officer with Microsoft Canada responsible for leading the company’s strategy in country to develop trust in Microsoft technology. In this role John helps governments and businesses innovate to improve their cyber resilience and information assurance capabilities.
Learn how to leverage built in services and cloud security ‘super’ friends like Trend Micro to create an impenetrable fortress for your workloads, without hindering performance or agility. Join this session and learn three cloud security super powers that will help you thwart villains interested in your workloads. We will walk through three stories of cloud security superheroes who saved the day by overcoming compliance and design challenges using a (not so) secret arsenal of AWS and Trend Micro security tools.
Key takeaways from this session include how to:
Design a workload-centric security architecture
Improve visibility of AWS-only or hybrid environments
Stop patching live instances but still prevent exploits
Dawn Smeaton – Head of Marketing, Cloud Workload Security, Trend Micro
Dawn Smeaton is a part of a dynamic team within Trend Micro focused on cloud security. With over 15 years of experience in software marketing at business analytics and mobile software companies, she joined Trend Micro 3 years ago. At Trend Micro, Dawn works with product teams, strategic partners and customers to define and execute the go to market strategy for a number of SaaS and software offerings. Currently, Dawn is Head of Marketing for the Cloud Workload Security team.
With great change comes great opportunity, and in many cases fear, uncertainty and doubt. We have likely all heard the various myths about losing control when you move to the cloud, or that Cloud is less secure than on-premises, or that Multi-Tenant Clouds Expose Privacy Concerns. In this panel session, our experts will help debunk these and more, and provide you with guidance on addressing concerns.
Myth 1: We don’t really use the cloud
Myth 2: I lose control of my data when it goes to the cloud
Myth 3: Cloud is less secure than on-premises solutions
Myth 4: I’m at the mercy of cloud vendors for patching
Myth 5: Appliances provide greater control over scalability/performance
Myth 6: Cloud security is more difficult to manage
Myth 7: Cloud resources are more exposed to attack
Myth 8: Multi-Tenant Clouds Expose Privacy Concerns
Myth 9: Cloud vendors lack transparency
Myth 10: Appliances are more reliable than the cloud
Bil Harmer, CISSP, CISM, CIPP – Strategist, Office of the CISO
Bil Harmer serves as the Strategist at Zscaler where he runs the Office of the CISO in the Americas. In this role he engages security executives at a peer level to drive best practices and facilitate industry wide collaboration on emerging security topics. Having effectively written the book on developing and implementing Security and Privacy compliance for Cloud, he is also responsible for providing subject matter expertise through speaking engagements, blogging and media collaboration. Prior to joining Zscaler Harmer was the Chief Security Officer at GoodData Corp and the VP Security & Cloud Privacy Office for the Cloud Division of SAP. He has provided advisory services to Adallom, TrustScience, ShieldX Networks and Resolve Systems. He is CISSP, CISM and CIPP certified.
Mike Hortobagyi – Sales Engineer, Centrify
A sales engineer with over a decade of experience in information and cyber security, Mike specializes in identity management for Canada’s financial services industry. Prior to joining Centrify, Mike enjoyed consulting roles with Deloitte, Brighton and Bell Canada and is uniquely diversified across a wide range of security technologies.
Krishna Narayanswamy – Chief Scientist, Netskope
A highly-regarded researched in deep packet inspection, security, and behavioral anomaly detection, Krishna Narayanaswamy leads Netskope’s data science and user behavior research as chief scientist. Krishna brings 24 years of experience, including founding Top Layer Networks and serving as a distinguished engineer at Juniper Networks.
Neil Bunn – Chief Technology Officer, Scalar
As Chief Technology Officer, Neil’s mandate is to help drive leadership in technology for Scalar, its clients, and its partners. Within this mandate, Neil drives internal groups within Scalar to validate new technologies and trends, and to seek out higher business value both within the organization and for clients. Neil is highly focused on engaging with clients on their core business challenges and how to address them by leveraging technology solutions.
Previous to joining Scalar in 2012, Neil spent over a decade at IBM in a variety of technical architecture roles, more recently being a Client IT Architect for Retail, and one of two National Architects for High Performance Computing. His background with IBM has resulted in a strong foundation in strategic thinking and structured approaches to complex problems.
Outside of his core work at Scalar, Neil is an active participant in both industry and philanthropic ventures. Currently one of the founding members of the Toronto Chapter of the Cloud Security Alliance and contributor to the University of Toronto School of Continuing Studies curriculums in Cloud Computing. Neil has also served as a member of the Ontario Trillium Foundation, Greater Toronto Airports Authority, City of Brampton, and Habitat for Humanity Brampton in a variety of volunteer roles.
Neil is a graduate of Queen’s University with a Bachelor of Science in Electrical Engineering, is a licensed member of the Professional Engineers of Ontario, and is a Senior Member of IEEE.
This session will provide an overview of cloud computing models and present a security reference architecture for the Cloud with practical advice for designing a secure, agile and compliant cloud environment.
Attendees will better understand how to measure and evaluate the risks of cloud deployments and how to improve security.
Alex Woda, CISA, MBA
Alex Woda is an independent information systems auditor and security architect specializing in payment system security and risk management. Mr. Woda is currently on contract with TD Bank.