ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Speakers

Andrew Weiss

Lead Federal Solutions Engineer | Docker

Andrew leads the Federal solutions engineering team at Docker. He is an (ISC)² Certified Authorization Professional (CAP) and an active participant in the Federal IT security and compliance ecosystem. Andrew is also a core contributor to the NIST Open Security Controls Assessment Language (OSCAL).

Brian Ruf

FedRAMP / OSCAL Liaison | FedRAMP PMO

Brian began his 30-year IT career as a programmer and network engineer. In the late ’90s he was part of a core team applying cyber security to a (then) next-generation air traffic control system. Since 2000, he has led efforts for government agencies, pharmaceutical companies, telecommunication providers, and financial institutions on topics involving the intersection of risk management, cyber security, system development lifecycle methodologies, and process re-engineering. Brian joined the FedRAMP PMO in July 2015, where he was instrumental in the success of FedRAMP Accelerated and related improvements. Brian represents FedRAMP on the OSCAL development team.

Cornel du Preez

Senior Penetration Testing Engineer | NorthState Technology Solutions

David Schroth

CISA | Design Compliance and Security, LLC

David is an experienced IT advisor with experience in IT auditing, compliance, security and risk management. He has a significant amount of experience with SSAE 18 attestations (SOC 1/2/3), IT vendor management and compliance assurance program management. David focuses on building proactive compliance programs for organizations with legal and regulatory requirements.

David Waltermire

Lead, Standards and Outreach for the Security Automation Program; Technical Lead, Open Security Controls Assessment Language | National Institute of Standards and Technology

Faraz Aladin

Director, Product Marketing | Illumio

Faraz Aladin is part of Illumio’s product and technical marketing team. He has more than 25 years of industry experience having worked at industry leaders as well as start-ups. His subject matter expertise spans across Networking & Cloud Infrastructure, Data Center Architectures, Security and Collaboration technologies. He is a CCIE and holds an engineering degree from Bombay University.

Felice Flake

CEO | ScySec LLC

Felice Flake, Candidate, MBA, MSci, B.A., CEO of ScySec LLC, is a highly sought-after and proven leader in the security field. Felice has extensive experience in both the government and private sectors. She is the President of the Tampa Bay ISSA Chapter, and the Chairperson of the International Chapters Sub-Committee, ISSA International. She also serves as the Chairperson of the Scholarships & Awards Committee, Women in Defense-Central Florida Chapter, and the Peerlyst Tampa Ambassador. Some of Felice’s most recent speaking engagements include the Tampa Small Business Symposium, Tampa (ISC)2 B-Sides event, and the 2018 Women in Cybersecurity (WiCyS) Conference in Chicago. She is a contributing author to the 2016 book, Women in Security. Felice is a member of the National CyberWatch Center's Curriculum Standards Panel (NCC-CSP) for the Cybersecurity Foundation Series. Felice is also an invited member of the University of South Florida Cybersecurity Education Advisory Board, the Tampa Military Spouse Economic Empowerment Zone (MSEEZ) Working Group, and the University of South Florida Cybersecurity for Executives Advisory Committee. She is also a nominee for the “2018 Tampa Bay Business Woman of the Year” Award and serves on the leadership team for the 2018 Diana Initiative Conference co-located with DEFCON.

Gordon Skelton

President and Chief Scientist | Security and Analytics, LLC

Gordon W. Skelton, CISSP, PhD, Computer Science, University of South Africa. Extensive experience in software development, cyber security, data analytics. Served as VP for IS, Mississippi Valley Title Insurance, adjunct professor at Belhaven College, University of Mississippi’s Telecommunications Graduate Program, full professor in the ECE Department, Jackson State University. Taught computer programming, data analytics, cyber security courses, directed research for US Army Space and Missile Command, US Department of Homeland Security, and US Army Corps Engineer Research and Development Center (ERDC). Lead Investigator cyber security and data analytics. 2017 established Security and Analytics, LLC, concentrating on cyber security data analytics.

Marnie Wilking

CISO | Orion Health

Michaela Iorga

Senior Security Technical Lead for Cloud Computing | National Institute of Standards and Technology

Paul Flanagan

Assistant Professor of Law | Drexel Law School

Reg Harnish

CEO | GreyCastle Security

Reg Harnish is the CEO of GreyCastle Security, a leading cybersecurity risk assessment, advisory and mitigation firm headquartered in Troy, New York. Under his leadership, the company has experienced six consecutive years of triple-digit growth and countless industry accolades.

ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud) Seminars

  • Wed 17th Oct 09:40 - 10:30
  • It’s a Small World: Global Privacy Regulation in 2018  |   Felice Flake  |   ScySec LLC  |   ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    2018 is shaping up to be the year of watershed moments in data privacy regulations throughout the world. From the European Union’s long-awaited General Data Protection Regulation (GDPR) to the recent passages of legislation in Brazil and California, we will cover the highlights, the similarities, and the political pressures surrounding privacy regulation throughout our international community.
  • Wed 17th Oct 10:40 - 11:30
  • Transcending Cyber / Privacy / Compliance Silos with a Corporate Compliance Framework  |   Paul Flanagan  |   Drexel Law School  |   ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    The need for privacy and cybersecurity compliance measures has become a paramount consideration as businesses become more digitally driven, data breaches become more publicized and regulation continues to increase. Company executives, boards of directors, employees, customers, and third-party providers all have data security obligations. It is critical for compliance, privacy and cyber security to work together to develop a proactive compliance framework to minimize risk as the technology continues to grow by leaps and bounds. In this session, learn how to navigate through complex regulatory environments and enhance policies that adapt to this ever-changing technology footprint.

      • Define cybersecurity measures in the compliance and audit plan
      • Assess the rise of privacy concerns across the globe
      • Prepare for the risks associated with emerging technologies (IoT, social media, cloud computing, mobile applications, social engineering, etc.)
      • Discuss the increasing regulatory requirements to ensure compliance
  • Wed 17th Oct 11:40 - 12:30
  • All Your Cloud Are Belong to Us: Using AWS for Attack and Defense  |   Cornel du Preez  |   NorthState Technology Solutions  |   ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    Today’s trendy race-to-the-cloud mentality is burdening today’s security teams. Quantifying risk is an assumption nightmare and securing an ever-changing environment feels like a lost cause. Worst of all, this break-neck migration often results in misconfigured services that leave organizations exposed to breach. Without tools and strategies to protect, detect and respond to cloud threats, security teams are drowning in the noise. Instead of chasing the cloud, this talk highlights the practical tools and strategies for red and blue teams to leverage the cloud.
  • Wed 17th Oct 01:00 - 01:50
  • Achieving Compliance Quickly and at Scale  |   Faraz Aladin  |   Illumio  |   ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    Compliance regulations can be challenging to understand and implement. Many of these regulations have cybersecurity requirements that are focused on protecting critical infrastructure with aggressive timelines - and without disrupting the very business-critical systems you're trying to protect. Jumping from one set of requirements to another, and to subsequent internal and external audits, can feel like a never-ending cycle. In this session, Faraz Aladin will share thoughts on different approaches to handling the unique challenges a security practitioner can expect. He’ll highlight Illumio's unique position helping organizations across the world solve regulatory and compliance challenges quickly and at scale.
  • Wed 17th Oct 02:00 - 03:30
  • PANEL: Security Automation Simplified Today For Enhanced Security Tomorrow: NIST Open Security Controls Assessment Language (OSCAL)  |   Panel  |   ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    Aligning security risk management and compliance activities with the broader adoption of cloud technology and the exponential increase in the complexity of smart systems leveraging such cloud solutions has been a challenging task to date. Additionally, the proliferation of container technology employed in cloud ecosystems for enhanced portability and security compels organizations to leverage risk management strategies that are tightly coupled with the dynamic nature of their systems. NIST’s Open Security Controls Assessment Language (OSCAL) is a standard of standards that provides a normalized expression of security requirements across standards, and a machine-readable representation of security information from controls to system implementation and security assessment. This bridges the gap between antiquated approaches to IT compliance and innovative technology solutions.

    Speakers: Andrew Weiss, Brian Ruf, David Waltermire, Michaela Iorga
  • Wed 17th Oct 03:40 - 04:30
  • Asymmetric Cyberwarfare: The Business Case for Insecurity  |   Reg Harnish  |   GreyCastle Security  |   ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    It's time to face one simple truth - cybersecurity just doesn't make sense. Despite skyrocketing budgets, advances in technology and growing cybersecurity investments, corporate America is no more secure than it was decades ago. The fact of the matter is - cybersecurity doesn't work. The time, money and energy we spend on cybersecurity efforts hasn't paid off, and it never will. In fact, most of us would have more success selling legal advice to attorneys. And like Wesley Snipes, we're less concerned about winning than we are about looking good while we lose. It's time to pack it in, call it a wrap and throw in the towel. If you're still reading this, you know that all of this is true - but it doesn't matter. We know the odds are stacked against us, but we still play the game. For some of us, it's the very reason we play the game. Offense is easier than defense, and we can't win. So it's time to redefine losing. We can do this. Join GreyCastle Security as we explore the lopsided, unending tournament we call cybersecurity and strategies to win on defense.
  • Thu 18th Oct 09:40 - 10:30
  • Putting the SEC in DevSecOps: Security as the Keystone to Collaboration  |   Marnie Wilking  |   Orion Health  |   ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    There's a reason SEC is in the middle of DevSecOps. Security is truly a unifying force. We have our fingers in every aspect of the business, giving us the visibility and position to drive collaboration and provide change leadership needed for the move to DevSecOps. but leveraged that success to achieve industry certification. We'll also discuss strategies for using infosecurity as a unifier to drive collaboration and break down the silos in your business.
  • Thu 18th Oct 10:40 - 11:30
  • Turning your Compliance program for fun and profit  |   Gordon Skelton  |   Security and Analytics, LLC  |   ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)
  • Thu 18th Oct 01:00 - 01:50
  • Alphabet Soup: Assessing Your High Risk Vendors  |   David Schroth  |   Design Compliance and Security, LLC  |   ISSA Theater 2 - Privacy, Regulation and Compliance (Cloud)

    Do you use third parties in your business? How do you trust but verify their security practices? Enter the world of third party audit reports (which is more like a bowl of Alphabet Soup) - We will go through an overview of what companies are using to obtain assurance over the security practices of their vendors. We will talk about SOC 1, SOC 2, SOC 3, SSAE 18, HITRUST, ISO 27001 and other assessments and audits along with the pros and cons of each so you can use them effectively in your vendor management processes. We will also discuss the pros and cons of each report and how to interpret the results.