Speakers, Sessions, Bios

While most of the world focuses on how to secure their application when migrating it to the cloud, public cloud providers face their own challenges in maintaining a secure cloud. This talk describes the variety of security problems that security experts consider when designing a public cloud. It also includes a case study of actual problems found after deploying a public cloud, and these were very different.

Charlie Kaufman – Security Architect, Dell/EMC

Charlie Kaufman, security architect for the Next Generation Midrange Storage Business Unit at Dell/EMC, works on securing the current and future generations of midrange storage arrays. He has been involved with computer networking and security issues for over 25 years and holds over 50 patents in those fields. At Microsoft, he was the security architect for Windows Azure – Microsoft’s Public Cloud offering – where he was involved with all aspects of cloud security from design through responding to ongoing attacks. At Lotus, he was chief security architect for Lotus Notes and Domino and later the entire Lotus product suite. At Digital, he was the Security Architect for their networking group and later for Digital’s UNIX offering.

He has contributed to several IETF standards efforts including IPsec, S/MIME, and DNSsec and served as a member of the Internet Architecture Board. He is co-author of the popular textbook “Network Security: Private Communication in a Public World” and served on the National Academy of Sciences expert panel that wrote the book “Trust in Cyberspace”.

Does AI really make everything better? In security terms, the ability to spot anomalies in vast amounts of log data or look for patterns of behavior in systems can be extremely useful. However, AI isn’t necessarily the solution to all security challenges. In this panel session, our experts will outline both the real world uses for AI, and separate fact from fiction.

David Masson – Director of Enterprise Security, Darktrace

David Masson is Darktrace’s Director of Enterprise Security and has over two decades of experience working in fast moving security and intelligence environments in the UK, Canada and worldwide. With skills developed in the civilian, military and diplomatic worlds, he has been influential in the efficient and effective resolution of various unique national security issues. Dave is an operational solutions expert and has a solid reputation across the UK and Canada for delivery tailored to customer needs. At Darktrace, David advises strategic customers across North America and is also a regular contributor to major media outlets in Canada where he is based, including CBC and The Globe and Mail. He holds a master’s degree from Edinburgh University.

Stewart Cawthray, CISSP, CISM, CRISC, CEH – Associate Partner – North American Security Services, IBM

An experienced security professional, having supported security operations, threat hunting and security architecture for enterprise customers for over 15 years. Stewart currently leads IBM’s security service practice for financial services customers in Canada. Stewart assists financial services customers to securely modernize applications, move operations to the cloud and introduce efficiencies to their security program through AI and Machine Learning capabilities.

Sure, there are plenty of sessions out there on the latest and greatest cloud native architectures, but the practical reality is most organizations first start their cloud journey by migrating… really old stuff. This pragmatic session focuses on the often-painful reality of lifting and shifting existing workloads to the cloud. Based on nearly a decade of hands-on experience we’ll cover the recommended architecture and technologies to reduce the pain and increase your odds of success.

Rich Mogull
Rich has twenty years of experience in information security, physical security, and risk management. These days he specializes in cloud security and DevSecOps, having started working hands-on in cloud nearly 10 years ago. He is also the principle course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.

Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he’s happy to speak for free — assuming travel is covered).

Cloud services add new dimensions that can have a huge impact on planning for and executing on incident response. For example, do you know where the service logs files are located, and what is in them? Did you subscribe to the correct options for storage, or are your SIEMs successfully collating activity across all your services? Our experts in this panel will use their experience to walk you through the do’s, don’ts, and gotchas often associated with successfully (or unsuccessfully) handling incidents in a cloud world.

Daryl Novak – Director of Information Security, New Signature
Daryl is currently Director of Information Security for New Signature, where he is building a better managed security service provider. Prior to that, he spent nearly a decade in the mining industry, working on everything from secure messaging systems to cryptotech, often in unusual places. Daryl graduated from Herzing University in 2003 with a diploma in Network Systems Technology and has been seeking out new and interesting applications of cryptography for good and for evil ever since.

Graham Thompson – Principal Security Architect
Graham Thompson is a Principal Security Architect with over 25 years of Information Technology experience assessing, recommending, designing and implementing secure system and network solutions. Since 2010, Graham has been exclusively focused on cloud security. He is an authorized CCSK and CCSP trainer, is a contributing author of the CCSP CBK and is the author of the upcoming CCSK All-in-One Exam Guide by McGraw-Hill. In addition to education and training, Graham continues to work with large enterprises and government agencies on secure cloud services, ranging from governance, assessment through to implementation. Graham holds his CISSP, CCSK, CCSP and an embarrassingly long list of designation letters that may or not be retired by now.

Mike Jones – Director of Product Management, Agari

Mike Jones is the Director of Product Management for Agari, where he is responsible for the strategy, roadmap and feature definition of the Agari platform. Mike has represented Agari in the DMARC.org working group and as a Co-Chair of the OTA Email Security Committee. Prior to Agari, he was Technical Director of Anti-Spam Operations at AOL and served on the board of directors for Messaging Anti Abuse Working Group (MAAWG). Mike holds a Bachelor of Science degree in Chemical Engineering from the University of Arizona, and a Master of Science degree in Management of Information Technology from the University of Virginia.

I used to think the cloud was a marketing term for someone else’s computer, and that I knew my place in the world, doing what I loved to do. Now imagine realizing that your whole approach to security and computers, was now wrong. That you had been invalidated by the rapid change of information technology, and a strategy for security that despite being successful, was an impending failure. I made a horrible mistake. I took pride in helping people protect their business, but now I will take ownership for mistakes about to be made. I feel like I forgot the technology was there to serve the needs of the customer and started to think the customer needed the technology. It’s backwards, and we need to go back to delivering services that enable the business goals, including reduction of costs, before we end up bankrupting the whole thing under crippling IT costs. And if that means I need to change everything I worked so hard to build, well so be it.

What to Expect: You will be challenged to think differently about technology and be exposed to transformative IT concepts as related to the cloud. This session aims to be disruptive, and arguments are encouraged.

Kellman Meghu

Raised my children with a firewall; shamed a large airline into using SSL for check-in; front line for the security as some of the biggest corporations went online for the first time; 20 years of helping every sector define, deploy, and defend their infrastructure; thinks learning a new programming language is a great way to relax on holiday; dreams in key/value pairs; obsessed with putting everything in containers; loving every minute of it.