Speakers, Sessions, Bios

While most of the world focuses on how to secure their application when migrating it to the cloud, public cloud providers face their own challenges in maintaining a secure cloud. This talk describes the variety of security problems that security experts consider when designing a public cloud. It also includes a case study of actual problems found after deploying a public cloud, and these were very different.

Charlie Kaufman – Security Architect, Dell/EMC

Charlie Kaufman, security architect for the Next Generation Midrange Storage Business Unit at Dell/EMC, works on securing the current and future generations of midrange storage arrays. He has been involved with computer networking and security issues for over 25 years and holds over 50 patents in those fields. At Microsoft, he was the security architect for Windows Azure – Microsoft’s Public Cloud offering – where he was involved with all aspects of cloud security from design through responding to ongoing attacks. At Lotus, he was chief security architect for Lotus Notes and Domino and later the entire Lotus product suite. At Digital, he was the Security Architect for their networking group and later for Digital’s UNIX offering.

He has contributed to several IETF standards efforts including IPsec, S/MIME, and DNSsec and served as a member of the Internet Architecture Board. He is co-author of the popular textbook “Network Security: Private Communication in a Public World” and served on the National Academy of Sciences expert panel that wrote the book “Trust in Cyberspace”.

Does AI really make everything better? In security terms, the ability to spot anomalies in vast amounts of log data or look for patterns of behavior in systems can be extremely useful. However, AI isn’t necessarily the solution to all security challenges. In this panel session, our experts will outline both the real world uses for AI, and separate fact from fiction.

Dave Lewis (Moderator)

Dave Lewis has twenty five years of industry experience. He has extensive experience in IT security operations and management including a decade dealing with critical infrastructure. Lewis is a Global Advisory CISO for Duo Security (now Cisco). He is the founder of the security site Liquidmatrix Security Digest and cohost of the Liquidmatrix podcast. Lewis serves on the advisory boards for Cortex Insight and Dateva Inc. Lewis writes columns for Forbes, Daily Swig and several other publications.

David Masson – Director of Enterprise Security, Darktrace

David Masson is Darktrace’s Director of Enterprise Security and has over two decades of experience working in fast moving security and intelligence environments in the UK, Canada and worldwide. With skills developed in the civilian, military and diplomatic worlds, he has been influential in the efficient and effective resolution of various unique national security issues. Dave is an operational solutions expert and has a solid reputation across the UK and Canada for delivery tailored to customer needs. At Darktrace, David advises strategic customers across North America and is also a regular contributor to major media outlets in Canada where he is based, including CBC and The Globe and Mail. He holds a master’s degree from Edinburgh University.

Stewart Cawthray, CISSP, CISM, CRISC, CEH – Associate Partner – North American Security Services, IBM

An experienced security professional, having supported security operations, threat hunting and security architecture for enterprise customers for over 15 years. Stewart currently leads IBM’s security service practice for financial services customers in Canada. Stewart assists financial services customers to securely modernize applications, move operations to the cloud and introduce efficiencies to their security program through AI and Machine Learning capabilities.

Matt Broda – Technical Fellow – Security, Bell

Matt Broda is a Technical Fellow in Security at Bell. Matt is responsible for Bell’s strategic security direction focused on business markets. Matt has devoted the last 19 years of his career to making cyberspace a safer place. In his work with international government and private sector organizations, Matt has helped to advance the state of security and privacy in key areas, including cloud and mobile computing, VoIP and multimedia communication, and critical information infrastructure protection. Before joining Bell, Matt held leadership positions focused on security with Nortel’s Chief Technology Office, Microsoft’s Trustworthy Computing and as an entrepreneur and advisor. Matt holds an MBA from Ottawa.

Alex Bermudez – Privacy Consulting Manager, OneTrust

Alex Bermudez serves as Privacy Consulting Manager of the Americas at OneTrust – the global leader in privacy management and marketing compliance software. In his role, Bermudez leads OneTrust’s team of Solution Consultants across the Americas, working with emerging and enterprise companies on data protection regulation solution implementations, focused on building and scaling global privacy programs.

Bermudez has presented on a variety of privacy and security topics, providing deep insight into regulatory issues and practical approaches to compliance. Additionally, he helps facilitate OneTrust’s PrivacyConnect workshops across North America. Prior to OneTrust, Bermudez spent several years at a leading Healthcare Information Technology services organization where he gained valuable experience working with national healthcare providers to implement HIPAA-compliant workflow solutions. Bermudez is a Certified Information Privacy Professional (CIPP/E, CIPM) and holds a B.S. from the University of South Carolina.

Cloud computing has recently surpassed traditional on-premise computing as the dominant IT system. Additionally, Cloud now forms the foundation of leading cybersecurity solutions and is the platform of choice to secure all forms of computing, including Internet of Things. In this presentation, Cloud Security Alliance discusses the challenges and opportunities ahead for a “Cloud first” cybersecurity strategy and the surprising role Blockchain will have in reshaping the cybersecurity industry. We will also provide a preview of CSA’s research roadmap convergence on Cloud and Blockchain.

Jim Reavis – Co-founder and Chief Executive Officer, CSA
For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim’s innovative thinking about emerging security trends have been published and presented widely throughout the industry and have influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance. Jim has been named as one of the Top 10 cloud computing leaders by SearchCloudComputing.com.

Jim is the President of Reavis Consulting Group, LLC, where he advises security companies, governments, large enterprises and other organizations on the implications of new trends such as Cloud, Mobility, Internet of Things and how to take advantage of them. Jim founded SecurityPortal, the Internet’s largest website devoted to information security in 1998, and guided it until a successful exit in 2000. Jim has been an advisor on the launch of many industry ventures that have achieved a successful M&A exit or IPO. Jim is widely quoted in the press and has worked with hundreds of corporations on their information security strategy and technology roadmap. Jim has a background in networking technologies, marketing, product management and systems integration. Jim received a B.A. in Business Administration / Computer Science from Western Washington University in 1987 and formerly served on WWU’s alumni board. Jim was recognized as a WWU Distinguished Alumnus in 2015. In 2016, Jim was inducted into the Information Systems Security Association (ISSA) Hall of Fame.

Sure, there are plenty of sessions out there on the latest and greatest cloud native architectures, but the practical reality is most organizations first start their cloud journey by migrating… really old stuff. This pragmatic session focuses on the often-painful reality of lifting and shifting existing workloads to the cloud. Based on nearly a decade of hands-on experience we’ll cover the recommended architecture and technologies to reduce the pain and increase your odds of success.

Rich Mogull
Rich has twenty years of experience in information security, physical security, and risk management. These days he specializes in cloud security and DevSecOps, having started working hands-on in cloud nearly 10 years ago. He is also the principle course designer of the Cloud Security Alliance training class, primary author of the latest version of the CSA Security Guidance, and actively works on developing hands-on cloud security techniques. Prior to founding Securosis, Rich was a Research Vice President at Gartner on the security team. Prior to his seven years at Gartner, Rich worked as an independent consultant, web application developer, software development manager at the University of Colorado, and systems and network administrator.

Rich is the Security Editor of TidBITS and a frequent contributor to industry publications. He is a frequent industry speaker at events including the RSA Security Conference, Black Hat, and DefCon, and has spoken on every continent except Antarctica (where he’s happy to speak for free — assuming travel is covered).

Cloud services add new dimensions that can have a huge impact on planning for and executing on incident response. For example, do you know where the service logs files are located, and what is in them? Did you subscribe to the correct options for storage, or are your SIEMs successfully collating activity across all your services? Our experts in this panel will use their experience to walk you through the do’s, don’ts, and gotchas often associated with successfully (or unsuccessfully) handling incidents in a cloud world.

Laura Payne (Moderator)

Laura Payne is a Director of Information Security Services at the Bank of Montreal. She has over 10 years of experience in the financial services industry covering a variety of roles in IT operations and information security. Laura holds a degree in Systems Design Engineering from the University of Waterloo. When not at work, she enjoys spending time with her family, volunteering in the community, and wilderness camping.

Daryl Novak – Director of Information Security, New Signature
Daryl is currently Director of Information Security for New Signature, where he is building a better managed security service provider. Prior to that, he spent nearly a decade in the mining industry, working on everything from secure messaging systems to cryptotech, often in unusual places. Daryl graduated from Herzing University in 2003 with a diploma in Network Systems Technology and has been seeking out new and interesting applications of cryptography for good and for evil ever since.

Graham Thompson – Principal Security Architect, Intrinsec
Graham Thompson is a Principal Security Architect with over 25 years of Information Technology experience assessing, recommending, designing and implementing secure system and network solutions. Since 2010, Graham has been exclusively focused on cloud security. He is an authorized CCSK and CCSP trainer, is a contributing author of the CCSP CBK and is the author of the upcoming CCSK All-in-One Exam Guide by McGraw-Hill. In addition to education and training, Graham continues to work with large enterprises and government agencies on secure cloud services, ranging from governance, assessment through to implementation. Graham holds his CISSP, CCSK, CCSP and an embarrassingly long list of designation letters that may or not be retired by now.

Mike Jones – Director of Product Management, Agari

Mike Jones is the Director of Product Management for Agari, where he is responsible for the strategy, roadmap and feature definition of the Agari platform. Mike has represented Agari in the DMARC.org working group and as a Co-Chair of the OTA Email Security Committee. Prior to Agari, he was Technical Director of Anti-Spam Operations at AOL and served on the board of directors for Messaging Anti Abuse Working Group (MAAWG). Mike holds a Bachelor of Science degree in Chemical Engineering from the University of Arizona, and a Master of Science degree in Management of Information Technology from the University of Virginia.

I used to think the cloud was a marketing term for someone else’s computer, and that I knew my place in the world, doing what I loved to do. Now imagine realizing that your whole approach to security and computers, was now wrong. That you had been invalidated by the rapid change of information technology, and a strategy for security that despite being successful, was an impending failure. I made a horrible mistake. I took pride in helping people protect their business, but now I will take ownership for mistakes about to be made. I feel like I forgot the technology was there to serve the needs of the customer and started to think the customer needed the technology. It’s backwards, and we need to go back to delivering services that enable the business goals, including reduction of costs, before we end up bankrupting the whole thing under crippling IT costs. And if that means I need to change everything I worked so hard to build, well so be it.

What to Expect: You will be challenged to think differently about technology and be exposed to transformative IT concepts as related to the cloud. This session aims to be disruptive, and arguments are encouraged.

Kellman Meghu

Raised my children with a firewall; shamed a large airline into using SSL for check-in; front line for the security as some of the biggest corporations went online for the first time; 20 years of helping every sector define, deploy, and defend their infrastructure; thinks learning a new programming language is a great way to relax on holiday; dreams in key/value pairs; obsessed with putting everything in containers; loving every minute of it.