Oct 28, 2021
Our world has transformed over the past year to adapt to the realities of working under a global pandemic. The way we interact with people, the processes we’ve developed and the technology we consume are all under significant strain as we collectively work to build trust and security into and around each of these areas. It has become abundantly clear that we’ll never be able to go back to work as we know it and as such, the time has come for us to Reset Normal.
Getting into Dev OPS
Sep 15, 2021
Speaker: Mark Warner, Customer Solutions Engineer at Red Canary
Description: DevOps established infrastructure that is fast, and easy to deploy and maintain. And it is increasingly complex. Further, many DevOps programs face a high risk of threats as security has not been successfully integrated into the infrastructure and workflows. Achieving a secure infrastructure as code state would reduce the risk of threats, improve visibility and reduce alert fatigue for security operations teams.
2021 Cloud Conference - An ISACA GWDC and CSA-DC Joint Event
Sep 9, 2021
Join us on Sept 9th for the 2021 Cloud Conference! Cloud computing presents a tremendous opportunity with 94% of all enterprises currently using cloud services as organizations continue to migrate their data and operations to the cloud.
- 0830-0930: FedRAMP Strategic Initiatives
- 0930-1030: Lessons Learned on Cloud Security and Assessment
- 1030-1130: Automating Security Assessment with NIST’s Open Security Controls Assessment Language (OSCAL)
- 1130-1230: NIST OSCAL in Action: Tools to Deliver Continuous ATO Documentation
Account Takeover in Office 365
Aug 18, 2021
Speaker: Samuel M. Schneider, Vectra.ai
We'll navigate through uncharted security territory by analyzing the attack lifecycle in the cloud and dissecting a real-world attack. The same technology that makes the cloud dynamic can have the opposite effect on an organization’s ability to implement detection and response in cloud environments. This includes the adding additional layer of preventative controls in addition to MFA, because it's increasingly being bypassed in O365 as an example.
Moving from Cyber Security to Cyber Resiliency in the Cloud
July 14, 2021
Speaker: Grant Asplund, Chief Cyber Security Evangelist, Check Point
How can cyber security catch up to the business, while still maintaining a dynamic, resilient and secure operation? Transitioning and operating in the cloud is no longer just about moving from your on-premises data centers. It’s about optimizing connections between branch offices to home offices, and accelerating the development and deployment of applications – all while remaining secure and compliant!
Join us and find ways to squeeze the full business benefits out of cloud through consolidation, visibility, automation and intelligence.
Cloud Security Masterclass: Pen Testing your Cloud
June 8, 2021
Speaker: Josh Stella, Co-founder and CEO, Fugue
Pen testing is standard security practice for simulating attacks to identify system vulnerabilities, and most industry compliance audits require them. But most pen testing efforts overlook the number one risk in the cloud: resource misconfiguration.
In this talk, Fugue CEO Josh Stella will walk through what pen testing your cloud security posture looks like, how to approach it in house, and how to evaluate vendors to ensure they understand cloud misconfiguration and how to exploit it. Josh will demonstrate using real-world misconfiguration exploit examples and actionable information you can use to begin incorporating your cloud attack surface pen testing plan.
SaaS Security Management - The “Forgotten” Critical Stack
May 11, 2021
Speaker: Tim Bach, VP of Engineering, AppOmni
SaaS applications such as Salesforce, Microsoft365, Workday, Service Now, Box and Slack support the vital activities of every line of business within the organization. Their ubiquity and convenience make these applications almost invisible to those who rely on them and they are used almost without thought. This transparency creates a paradox, however. By almost any objective criteria - sensitivity of data, importance to business operations, need for data integrity, etc. - these applications and the data they contain are part of the critical IT infrastructure stack. However, compared to both on prem installations, and IaaS, SaaS typically receives significantly less attention from security organizations.
Tim Bach, AppOmni VP of Engineering, will discuss best practice recommendations to proactively monitor your SaaS security posture. SaaS Security Management is key to reducing risk by eliminating data access misconfigurations and providing visibility into cloud to cloud third party app connections, which are prevalent in the SaaS world.
How Do I Trust the Cloud?
Apr 28, 2021
An ISACA GWDC and CSA-DC Joint Event
As more regulated organizations adopt cloud-based services, questions continue to arise around how to properly secure and audit systems that aren’t completely under the ownership of the customer. As such, CSA’s Washington DC Metro Area Chapter (CSA-DC) and ISACA’s Greater Washington DC Chapter (ISACA-GWDC) have joined forces to answer the question that is on most people’s minds: How do I trust the Cloud? Learn directly from the CEO of CSA and the CEO of ISACA around 2021 Cloud Computing Trends and the new, jointly developed Certificate of Cloud Auditing Knowledge (CCAK), followed by panels of thought leaders from the largest cloud providers and auditors in the world. This is an event you won’t want to miss.
Not all AI is Created Equal – Understand the Differences of AI/ML/DL
Apr 13, 2021
Speaker: Brian Black, Distinguished Sales Engineer, Deep Instinct
Machine learning is a big step forward in combatting cyberattacks, but is still no silver bullet. Many traditional cybersecurity solutions available today are causing huge operational challenges as they are not adequately fighting against today’s complex and sophisticated threats. Detection and response-based solutions are no longer sufficient as damage can already be done while waiting for the execution of an attack. Executives and security leaders need to start adopting a preventative approach to cybersecurity, which is made possible through Deep Learning.
Fortunately, AI technologies are advancing, and deep learning is proven to be the most effective cybersecurity solution, resulting in unmatched prevention rates with proven lowest false positive rates. As you evaluate new technologies for your organization, understand the differences and benefits of AI/ML/DL.
Cloud Breach Incident Response & Forensics
March 16, 2021
Speaker: Mike Raggo, Cloud Security Engineer, CloudKnox Security
Cloud breaches are on the rise, and none of these breaches are small. Understanding the TTPs is key to determining where to look among the plethora of services available through Cloud Service Providers such as AWS and Azure. In this session we'll enumerate sources of forensic evidentiary data among the vastness of AWS Cloudtrail, GuardDuty, Microsoft Graph, and more.
A very clearly defined methodology will be provided as a baseline for combing through this data in a precise and expedited way. Examples from real world breaches will be highlighted providing practical approaches to exposing the attacker's methods and compromise.
Level Up Your Detection and Response in SaaS Apps
Jan 27, 2021
Speaker: Ben Johnson, CTO & Co-Founder, Obsidian Security
SaaS powers the modern workplace, as organizations move their critical business systems such as email, collaboration, sales and marketing to third-party SaaS applications. With more and more of the business data sitting in these cloud applications, threat-focused teams need to figure out how to run detection and incident response workflows on systems they don’t own and control.
Obsidian CTO and former NSA engineer Ben Johnson will discuss how you can get better at detecting, investigating, and responding to unwanted behavior such as unauthorized access across multiple SaaS platforms using native cloud capabilities and third-party systems.
Dealing with an Adolescent Cloud
Dec 15, 2020
Speaker: Ross Young, CISO of Caterpillar Financial Services Corporation
Are you dealing with Adolescent cloud? Would you like to learn how to secure the cloud? Join this webinar hosted by Ross Young on Dec 15th at 12noon EST to learn more.
What you will learn:
Go in depth on AWS's 7 secure design principles and walk through a variety of open-source tools that your organization can deploy to secure a cloud environment. For each principle we will demonstrate a Fundamental and Advanced approaches to transform any organization
Public Cloud: The Good, The Risks, The Audit
Sep 17, 2020
The global public cloud computing market is set to exceed $330 billion in 2020. Federal Agencies are rapidly accelerating the adoption of cloud-based services. Our speakers will highlight the latest trends and audit techniques.
This joint ISACA Greater Washington DC (ISACA-GWDC) and Cloud Security Alliance - DC Metro Area (CSA-DC) conference will enable participants to learn about the latest trends in cloud computing. Learn from leaders in the public and private sector as they share to you their insights from cloud implementation to its security.
Security in a Multi-Cloud Environment
Apr 23, 2020
On-premise, off-premise, hybrid cloud, oh my! Organizations are faced with modernizing legacy applications while maintaining control and security of their data. What are the security, policy, and technical ramifications of designing applications to run in a multi-cloud environment? How do you integrate cloud-native applications with on-premise infrastructure? How do you securely move applications and data across clouds while maintaining encryption and control?
Come join a spirited discussion with a panel of distinguished practitioners who have tackled these issues head-on in heavily regulated environments just like yours.
5:30 - 5:45: Welcome & Introductions, Anil Karmel, President CSA-DC
5:45 - 6:00: Lightning Talk: Sponsor, Platinum Sponsor
6:00 - 6:15: Ben Johnson, Chief Technology Officer, Obsidian Security, Gold Sponsor
6:10 - 6:30: Lightning Talk: Cricket Liu, EVP Engineering, Chief DNS Architect & Sr. Fellow, Infoblox
6:30 - 6:45: Lightning Talk: Anton Chuvakin, Security Strategy, Chronicle (Google) & Former Research Vice President and Distinguished Analyst, Gartner
6:45 - 6:55: CSA-DC Research, Dr. Mari Spina, CSA-DC Research Committee Chair
6:55 - 7:00: Event Wrap-Up, Member of CSA-DC Leadership