Topic 1: Identity Beyond Borders - An Evolving Strategy for Assessing Digital Identity Risk
Brief: Basics on navigating and identifying identity related controls in an enterprise environment within the three major cloud vendor environments Tools and features that are available to help with auditing digital identity controls in an enterprise customer environment Gain foundational insight to confidently begin to build a cloud-focused audit plan for identity in the three major cloud providers.
Speaker Bio:
Shinesa Cambric (CCSP, CISSP, CISA, CISM, CDPSE) is a cybersecurity innovator and emerging technology leader within Microsoft, and author of the new book: "Cloud Auditing Best Practices". As a Principal Product Manager and Digital Identity Architect, Shinesa currently leads a team that is focused on designing solutions for global organisations to identify, detect, protect, and respond to emerging threats against identity and access (with two patents pending). Her experience includes strategic technical design and implementation of identity protection solutions, building insider threat programs, and providing unique subject matter expertise on the intersection of governance, risk, and compliance with IT and application security. She is passionate about leading and supporting global teams, defining road maps for successful identity and access management programs, and architecting security strategies for emerging technologies. Shinesa is also an advocate for diversity in cyber and uses her unique perspective to advise startups, serves as a board member for cybersecurity non-profit organisations, and shares her expertise through content advisory with certifying organisations such as CompTIA, Cert Nexus, Cloud Security Alliance. She is a contributing author to the book “97 Things Every Information Security Professional Should Know” and eBook “Shifting Security Left”. Her work has been included in global IT industry forums such as SANS, ITSPMagazine Podcast, RSAC, BrightTALK, Secure Software Summit, DevOps.com, KBKast, and Women In Security Magazine and she will be a presenter at the upcoming RSAC 2023 conference.
Topic 2: Setting up a cloud security program using NIST CSF
Brief: We will talk about how NIST CSF at a high level. Then deep dive into how to use this framework for public cloud. We will be using AWS terminology. Post that we will be do a case study on how we implemented and matured a cloud security program Key takeaways:
- You will be able know what security is in cloud
- You will know how to create a roadmap using NIST CSF in the cloud
- Practical case study using risk as a mechanism to prioritize the roadmaps
Speaker Bio:
Saran has 17+ years of IT Experience with 7 years into Software Development and 10 Years into Information Security, building and managing security programs
- Setting up security program from scratch, maturing to larger enterprises
- Setting and managing security end to end GRC, Cloud Security, Product Security, DevSecOps, IR - Sales enablement
- Enabling business, ensuring sales enables the business going, prevent data loss and protect brand reputation
- Expertise in setting up application security programs from scratch by building partnerships, including security into routine processes, and maintaining security and enabling business
- Scaling the program to enterprises along with program and process, automation and tools are key for scaling. Identifying state of art tools in wide areas of security(IAST, SAST, DAST, VA-PT, OSS, Cloud security, monitoring, auto remediation) and devsecops to shift left security
- Expertise in AWS, Cloud Security, Cloud compliance, dev-sec-ops automation to prevent, detect, auto remediate while enabling business processes.
- Managing client security audits and pen tests and providing them with remediation or compensating controls
- Strong Risk Management skills: Experience in describing the identified security risks to clients/partners/internal-stakeholders and negotiating
- Experience in building automation tools for security