Business: Agility via DevOps
B1 – Security and Chaos Engineering
This presentation will review chaos engineering principles and the application of information security to an agile development process. In it, we will discuss the concept of automated adversary emulation as a way to introduce “chaos” and provide new capabilities from an agile perspective.
Sean Atkinson is Chief Information Security Officer of CIS (The Center for Internet Security). Prior to CIS, Sean served as the Global Information Security Compliance Officer for GLOBALFOUNDRIES, serving Governance, Risk and Compliance (GRC) across the globe. In addition to his work with CIS, Sean is also an adjunct professor of Computer Science at the College of Saint Rose.
Prior to GLOBALFOUNDRIES, Sean led the security implementation for the New York State Statewide Financial System (SFS) from 2007 to 2014, and his last role and responsibility was as the Internal Control, Risk and Information Security Manager.
Sean was born in Brooklyn, N.Y. and lived in England for 18 years, graduating from Sheffield Hallam University in 2000. After moving back to the United States, Sean has pursued multiple degrees and certifications in the IT arena.
B2 – Beyond Prevention: Detection and Response in the Modern Enterprise
In this discussion, Fishtech (CYDERES) will share its vision for moving organizations from traditional prevention-based security models to a position from which they are capable of responding quickly to advanced threats in near real time. This discussion will explore leveraging orchestration and automation along with DevOps technologies to augment human expertise through automation, collection, enrichment, and the post-processing of telemetry and events across technology-independent platforms.
Mike Schladt, CYDERES Detection Engineer, is an Information Security Engineer with over 10 years’ experience performing malware analysis, reverse engineering, digital forensics, and incident response. His previous roles include leading malware analysis at the USAF National Air and Space Intelligence Center as well as at General Electric, where he performed multinational incident response investigations and researched innovative detection and response capabilities. Mike has presented research at public and private national cybersecurity conferences and taught Network Security Monitoring at the University of Cincinnati. Mike lives in Cincinnati, Ohio with his wife, Jessica, and their dog, Seeley. Mike and Jess are both graduates of the University of Kentucky, School of Engineering (and by definition, avid UK Basketball fans).
B3 – Five Steps to a More Secure DevOps Environment
Many organizations are adopting DevOps in order to seize market opportunities ahead of the competition. Building information security and risk management into this new development pattern is challenging. In this session, hear five recommended solutions for introducing information risk management into your systems development life cycle and three strategies for building the business case for management. Understand how to incorporate legacy ICS and contemporary IoT programs into DevOps securely, reliably, and safely. Learn valuable recommendations for improving DevOps by incorporating information security and risk management, all based on where your development organization is today.
William Malik is VP of Infrastructure Strategies at Trend Micro. As a founder of Gartner’s Information Security Strategies service in the mid-1990s, Bill has deep expertise in information security matters. He has spoken internationally on information security, identity management, privacy, business continuity, and enterprise architecture. During his IBM career he guided the mainframe operating system z/OS (then MVS) through the process leading to a NIST/NSA B1-level security rating. He taught a graduate class on Information Security Policy at Georgia Tech.
B4 – Don’t Call Me a Firewall: A Formula for Creating Cybersecurity Superheroes
The data is present, visible and irrefutable – people are our biggest cybersecurity risk. And while security pundits evangelize the failures of security awareness and corporate budgets continue to be wasted on human security, the rest of us persevere, knowing that awareness is but one part of the security equation – the most difficult one. Firewalls are programmable, portable and predictable; people are none of that. And until we realize that security people aren’t good at solving psychology problems, we’ll continue to wallow in cyber-disappointment. Join GreyCastle Security as we dive into the human psyche and the tips, practices, and Jedi mind tricks we use to effectively transform corporate citizens into cybersuperheroes.
Brian Murphy brings his expertise in Governance, Risk and Compliance in Banking and Manufacturing and has over 10 years of experience, specifically in Identity and Access Management, Policy and Procedure Review, and Control Gap Analysis. Brian maintains the Certified Information Systems Auditor (CISA) and Certified in Risk and Information Systems Control (CRISC) certifications. As part of the GreyCastle team, Brian is a member of Business Services, focusing on delivering Awareness programs and client training sessions.