Business: Agility via DevOps

DevOps combines development with operations to remove traditional barriers and uses agile development methods to quickly deliver products and services. The “Business: Agility via DevOps” Track allows business managers and IT development leaders to hear how other organizations are using DevOps, Agile methods and automation to protect their organization while staying ahead of the competition.

B1 – Security and Chaos Engineering

Sean Atkinson

This presentation will review chaos engineering principles and the application of information security to an agile development process. In it, we will discuss the automated adversary emulation concept as a way to introduce “chaos” and provide new capabilities from an agile perspective.


Sean Atkinson is Chief Information Security Officer of CIS (The Center for Internet Security). Prior to CIS, Sean served as the Global Information Security Compliance Officer for GLOBALFOUNDRIES, serving Governance, Risk and Compliance (GRC) across the globe. In addition to his work with CIS, Sean is also an adjunct professor of Computer Science at the College of Saint Rose.

Prior to GLOBALFOUNDRIES, Sean led the security implementation for the New York State Statewide Financial System (SFS) implementation from 2007 to 2014, and his last role and responsibility was as the Internal Control, Risk and Information Security Manager.

Sean was born in Brooklyn, N.Y. and lived in England for 18 years, graduating from Sheffield Hallam University in 2000. After moving back to the United States, Sean has pursued multiple degrees and certifications in the IT arena.



B3 – Five Steps to a More Secure DevOps Environment

Bill Malik

Many organizations are adopting DevOps in order to seize market opportunities ahead of the competition. Building information security and risk management into this new development pattern is challenging. In this session, hear five recommended solutions for introducing information risk management into your systems development life cycle and three strategies for building the business case for management. Understand how to incorporate legacy ICS and contemporary IoT programs into DevOps securely, reliably, and safely. Learn valuable recommendations for improving DevOps by incorporating information security and risk management, all based on where your development organization is today.


William Malik is VP of Infrastructure Strategies at Trend Micro. As a founder of Gartner’s Information Security Strategies service in the mid-1990s, Bill has deep expertise in information security matters. He has spoken internationally on information security, identity management, privacy, business continuity, and enterprise architecture. During his IBM career he guided the mainframe operating system z/OS (then MVS) through the process leading to a NIST/NSA B1-level security rating. He taught a graduate class on Information Security Policy at Georgia Tech.

B4 – Don’t Call Me a Firewall: A Formula for Creating Cybersecurity Superheroes

Brian Murphy

The data is present, visible and irrefutable – people are our biggest cybersecurity risk. And while security pundits evangelize the failures of security awareness and corporate budgets continue to be wasted on human security, the rest of us persevere, knowing that awareness is but one part of the security equation – the most difficult one. Firewalls are programmable, portable and predictable; people are none of that. And until we realize that security people aren’t good at solving psychology problems, we’ll continue to wallow in cyber-disappointment. Join GreyCastle Security as we dive into the human psyche and the tips, practices, and Jedi mind tricks we use to effectively transform corporate citizens into cybersuperheroes.


Brian Murphy brings his expertise in Governance, Risk and Compliance in Banking and Manufacturing and has over 10 years of experience, specifically in Identity and Access Management, Policy and Procedure Review, and Control Gap Analysis. Brian maintains the Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC) certifications. As part of the GreyCastle team, Brian is a member of Business Services, focusing on delivering Awareness programs and client training sessions.