How Can We Grow the Pool of Cloud Security Professionals
According to one source, there are about 3 million cybersecurity professionals worldwide, and we need an additional 4 million. The question for the panelists today is what we can do to address the shortfall in such expertise. With greater cloud usage and increased cloud adoption during the pandemic period, many enterprises have pivoted to the cloud, creating a dire demand for cloud security professionals. The job is definitely cut out for our panelists. The panel hopes to address the challenge of having enough cybersecurity professionals and discuss what employers can do to build the necessary working experience for individuals.
Moderator: Dr. Hing-Yan LEE (EVP APAC, CSA)
- Dietrich BENJES (VP & GM APAC, Qualys)
- Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)
- Sai HONIG (Co-founder, New Zealand Network for Women in Security)
- Stephanie King-Chung HUNG (SVP Cloud Business, Mission Software and Services, Digital Systems, ST Engineering, Singapore)
- Sheralynn TJIOE (Team Manager – Cyber Security & Big Data, HAYS)
Live online Jul 29, 9:15 am UTC, or after on demand (45 mins)
The Internet of Things (IoT) brings increased connectivity to all industries and business markets, enabling a wide range of services for customers, stakeholders, and service providers. IoT security risks could result in loss of business or life. Device manufacturers and organizations can leverage CSA's IoT framework to reduce risk to an acceptable level by implementing end-to-end security controls.
The presentation aims to provide a synopsis of the latest release of the Cloud Controls Matrix version 4, greater insight into its development and new components, the current activities of the CCM WG (ongoing, published and future works) and finally an update on CSA’s STAR program and transition policy from CCMv3.0.1 to CCMv4.0.
Prof. Ryan KO (Chair & Director, UQ Cyber Security, University of Queensland, Australia)
At the heart of all cyber and cloud security attribution challenges is the problem of data provenance tracking and its reconstruction. In this talk, I will cover past, present and developing provenance research in computer science, and cover its relation and usefulness to accountability, traceability, trust, forensics and proactive cloud and cyber security. It will feature some of the cloud data provenance research I have conducted in the past decade, discuss unsolved (or seemingly unsolvable) problems, and will discuss some of the recent developments in academia, industry, and international standards.
Developed by CSA and ISACA to meet the unique demands of evaluating and auditing cloud-based environments, the Certificate of Cloud Auditing Knowledge (CCAK) is the first credential that industry professionals can obtain to demonstrate their expertise in understanding the essential principles of auditing and assessing cloud computing systems.
In his presentation Daniele Catteddu will describe the rationales behind the creation of the CCAK and offer an overview of the CCAK body of knowledge, including cloud security components based on CSA’s Security, Trust, Assurance & Risk (STAR) and Cloud Controls Matrix (CCM), as well as highlight key differentiators from other IT audit certification programs and illustrate the benefits of earning your CCAK.
The need to properly manage secrets is an essential part of the software development lifecycle. It can also be a tedious and time-consuming, not to mention error-prone, effort. Having a strong, enforced policy on secret rotation is essential. But it can also be complicated. First, you need to determine where all of your secrets are used, then you need to generate new ones, document this happened and why, put new secrets wherever they are supposed to be used, and also document the entire process in the end — preferably without breaking everything.
You are likely wondering with all of this complication if it is even possible to come up with a way to properly manage secrets, especially in diverse, multi-cloud environments. The key is to look at this as a coding problem with a coding solution. Join Shikha Chawla, lead architect for Adobe I/O, and Scott Webster, cloud engineer, for insight into best practices for implementing an automated approach to secrets management. They will discuss what we have learned here at Adobe that works best for our application development and security teams that we hope will provide solid guidance you can use to implement your own automation program for secrets management.
Yuval Shchory, Head of Product Management, Cloud Security
How can cybersecurity catch up to the business, while still maintaining a dynamic, resilient, and secure operation? Transitioning and operating in the cloud is no longer just about moving from your on-premises data centers. It’s about optimizing connections between branch offices to home offices, and accelerating the development and deployment of applications – all while remaining secure and compliant!
Join us and find ways to squeeze the full business benefits out of the cloud through consolidation, visibility, automation, and intelligence.
The most common cloud security issue facing organizations today is a database containing sensitive data that’s inadvertently accessible to the internet. It seems every week another brand is in the headlines because attackers exploited this situation to steal data. So why is it so hard for security teams to answer the simple question, “do we have a publicly exposed database?” In this session, we’ll dive into the complexity of cloud and Kubernetes networking that gives rise to this problem and what security teams can do to break through this complexity and discover the at-risk database in their own cloud environments.
Join IntSights to see firsthand recent intelligence on how threat actors deploy ransomware against various industry targets, as well as how the sophistication of ransomware continues to evolve.
Attend this session to hear IntSights' Yotam Katz and Andrey Yakovlev review:
• The latest trends in ransomware
• Best practices and practical steps for considering and countering threats
• How threat intelligence can be used to contextualize indicators of compromise
• Insights into threats beyond the horizon...
Dimitri Sirota, Gary Patterson, and Sarah Hospelhorn of BigID
Modern multi-cloud environments are complex, noisy, and full of sensitive data. It’s critical to gain visibility and control for data in the cloud - to reduce risk, get more value from your data, and take a strategic and scalable approach to data management.
Join Dimitri Sirota, Co-founder, and CEO of BigID, to explore how to build a data visibility and control framework for the cloud. You’ll learn:
- Challenges to data visibility and control across data centers in the cloud
- How ML and automation will fuel next-generation data management that extends to privacy, security, and governance
- Key steps to building a sustainable and scalable framework for cloud data management
Dr. Hing-Yan LEE, Madhav CHABLANI, Stephanie King-Chung HUNG, Ts. Saiful Bakhtiar OSMAN
The term “data sovereignty” has often been used by stakeholders (including cloud service consumers, cloud service providers, sectoral regulators) to mean different things. Just like the term "cloud computing" in the initial years, there are no widely agreed definitions; so the question "What do you understand by this term?" naturally arises. Is it about: (a) data residency; (b) data localization; (c) data protection; (d) ... etc. What do these other terms mean anyway? Some parties commented that the above measures are too prescriptive and hide the real motivations; there are indeed innovative solutions to address those motivations. The panel discussion will identify the real motivations for data sovereignty. Some regulated sectors (e.g., finance & healthcare) seem most paranoid about data sovereignty; they must have good reasons. Join us as the panelists endeavour to help us understand the downsides and upsides of data sovereignty.
MODERATOR: Dr. Hing-Yan LEE (EVP APAC, CSA)
- Madhav CHABLANI (Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting)
- Stephanie King-Chung HUNG (SVP Cloud Business, Mission Software and Services, Digital Systems, ST Engineering)
- Ts. Saiful Bakhtiar OSMAN (Head of IT, APAC, ASCENT Fund Services)
Dr. Hing-Yan LEE, Victor LO, Philip VICTOR, Ferdinand FONG
According to one source, there are about 3 million cybersecurity professionals worldwide, and we need an additional 4 million. The question for the panelists today is what we can do to address the shortfall in such expertise in Malaysia. With greater cloud usage and increased cloud adoption during the pandemic period, many enterprises have pivoted to the cloud, creating a dire demand for cloud security professionals. The job is definitely cut out for our panelists.
MODERATOR: Dr. Hing-Yan LEE (EVP APAC, CSA)
- Victor LO (Head of Cyber Security, Malaysia Digital Economy Corporation (MDEC))
- Philip VICTOR (MD, Welchman Keen)
- Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)
Divakaren SIVAGURUNATHAN (BOD, ISACA Malaysia Chapter)
2020 was the year of cloud computing due to the COVID-19 pandemic, which required more businesses to operate remotely and staff to work from home. Though it is the obligation of the cloud service provider to take responsibility for their infrastructure and ensure security and safety at all ends, sometimes it doesn’t quite happen. There have been several large-scale incidents this year, in some cases stemming from a surge in usage.
If there exists a gap between the requirements of the organization versus the capability of the cloud service provider, proper and formal steps must be put in place to successfully mitigate this risk to an acceptable level.
The best method to identify these gaps and address them with stakeholders is via an audit of the cloud service provider. This presentation will briefly explain the controls which need to be audited, to provide the requisite assurance to the client organization and their stakeholders. Ignorance is not bliss when migrating to the cloud.
Ekta MISHRA (APAC Membership Director & Country Manager - India)
As the cloud becomes increasingly essential to organizational IT strategies, working knowledge of cloud security best practices is crucial. Cloud computing represents a radical departure from legacy IT which means that IT audits must be significantly altered to provide assurance to stakeholders that their cloud adoption is secure. Traditional IT audit education and certification programs are not developed with an understanding of cloud computing and its many nuances. Developed by CSA and ISACA, the Certificate of Cloud Auditing Knowledge (CCAK) credential and training program fills the need for vendor-neutral, technical training and credentials in cloud auditing. Learn how CCAK prepares you to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility, and mitigating risks and costs of audit management and non-compliance.
John Yeoh (Global Vice President of Research, CSA)
Since 2010, the CSA Top Threats report has revealed major security concerns in cloud computing from top industry professionals. John shares how the report can be used to protect against the latest attacks and high profile breaches of the past year. Leveraging the latest Deep Dive attack model, popular breaches are broken down into the threats, risks, and vulnerabilities that were exposed. Critical mitigations and controls are also shared to make sure your organization is prepared for these types of attacks.
Ferdinand FONG, Faisal YAHYA, FONG Choong Fook, Ian LOE, Narudom ROONGSIRIWONG
Timothy Grance (NIST) shared that no hybrid cloud existed when he co-authored the landmark NIST definition of different clouds. He never expected hybrid clouds to become so pervasive and popular. This panel of experts will endeavor to address the following issues: What are the differences between hybrid and multi clouds? Is a hybrid cloud one or two clouds? How does a CSC manage two different clouds under different ownership and ensure their different security compliance? What are the challenges in using hybrid clouds?
MODERATOR: Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)
- Faisal YAHYA (Chairman, CSA Indonesia Chapter)
- FONG Choong Fook (Director, LE Global Services, Malaysia)
- Ian LOE (CTO, NE Digital)
- Narudom ROONGSIRIWONG (Head of Information Security, Thai Union Group PCL & Co-chair, CSA Hybrid Cloud Security WG)
Feng ZOU (Director of Cybersecurity Planning and Compliance, Huawei & Co-chair, CSA Hybrid Cloud Security WG)
Hybrid clouds are often the starting point for organizations in their cloud journey. However, any cloud model consists of risks, threats, and vulnerabilities. Earlier this year, the Hybrid Cloud Security Working Group examined hybrid cloud model risks, threats, and vulnerabilities in its Hybrid Clouds and Its Associated Risks white paper. However, after this review of risks, threats, and vulnerabilities, it’s critical to identify adequate mitigation controls. This presentation will cover countermeasures organizations can implement to improve hybrid cloud risk management and cybersecurity practices.
Narudom ROONGSIRIWONG (Head of Information Security, Thai Union Group PCL & Co-chair, CSA Hybrid Cloud Security WG)
As businesses are developing rapidly, many cloud consumers find that a single public/private cloud or traditional on-premises data center is no longer able to meet service requirements. Organizations are increasingly choosing hybrid cloud environments and services to meet their needs. However, hybrid clouds pose different risks and thus bring a different set of security challenges. This presentation will provide an overview of Hybrid Cloud, demonstrate its risks, threats and vulnerabilities, and give examples of Hybrid Cloud use cases.
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and the latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa