Topic 1:
AWS Data Perimeters - Ever-growing gateways in an increasingly ephemeral world - Jeff Maley
Interactions and application of data security controls in AWS.
For effective Information security programs, the visibility and governance of enterprise perimeters are critical. There are different types of perimeters. The perimeters could be defined by device endpoints, application endpoints, identity endpoints, workload endpoints and/or data endpoints. Any mature organization would prioritize securing data endpoints and data perimeters first and then move on to hardening other types of endpoints. With data endpoints, the variety of types is growing and the volume of data endpoints is also increasing exponentially. In this session, the speaker would focus on different types of data endpoints in AWS cloud and briefly touch on how to effectively secure them.
Jeff Maley is a security professional and IT nerd with a passion for learning new things. Jeff has worked in cloud computing for 10 years and technology for 20+ years. He has performed duties in security engineering, security architecture, and operations. He has helped organizations migrate data to a variety of cloud environments and helped ensure they remained secure, compliant, and available. Jeff is currently a Sr Security Engineer/Architect with Symmetry Systems. Previously he was Vice President of Information Security at IPG Mediabrands. He holds CISSP and AWS Certified Solutions Architect certifications.
Topic 2:
Continuous Security — Building Security into your Pipelines - Vandana Verma
In the world of continuous delivery and cloud native, the boundaries between what is our application and what constitutes infrastructure is becoming increasingly blurred. Our workloads, the containers they ship in, and our platform configuration is now often developed and deployed by the same teams, and development velocity is the key metric to success. This presents us with a challenge which the previous models of security as a final external gatekeeper step cannot keep up with. To ensure our apps and platforms are secure, we need to integrate security at all stages of our pipelines and ensure that our developers and engineering teams have tools and data which enable them to make decisions about security on an ongoing basis.
Vandana Verma is a Security Leader at Snyk, Podcast host Diversity and Inclusion Advocate and an International speaker and influencer on a range of themes in Information Security, including Application Security, DevSecOps, Cloud Security and Security Careers.
From being the Chair of the OWASP Global Board of Directors to running various groups promoting security to organising conferences to even delivering keynote addresses at several of them, she is engaged continuously and proactively in making the global application security community a better place for individuals, organizations and societies.