Banking on the Cloud: Real-World Use and Challenges Across Financial Services

In this webinar, we will share analysis around cloud usage of financial institutions across three main areas of interest: security concerns, regulatory requirements and governance aspects.

In this webinar, we will discuss:
1. Current cloud use in the Financial Sector
2. Main security concerns such as risk management, threat monitoring and technical controls, i.e., key management
3. Best practices for secure and compliant cloud adoption
Recorded Aug 5 2020 41 mins
Presented by
Craig Balding, FSSP Co-chair, CSA and Founder of Resilient Security & Lianne Caetano, Dir of Cloud Marketing, McAfee
  • Strategy and Tactics in Protecting Containers and Microservices Recorded: Mar 22 2021 59 mins
    Paolo Foti, CSA Italy; Yvette Agostini, CSA Italy; Marco Rottigni, Qualys
    Application containers and microservice architectures are used, as defined in NIST SP 800-180, to design, develop and deploy software applications that leverage agile development methodologies such as DevOps.
    The agility and dynamism of application containers nevertheless call for some attention to security, with the aim of preserving the security and integrity of the entire Software Development Life Cycle.
    CSA Italy will present some CSA recommendations developed within the "Application Containers and Microservices" working group (https://cloudsecurityalliance.org/research/working-groups/containerization/), while Qualys will show us how to implement "built-in" security in the three phases of a container's life cycle (build, ship, run) and support identification of the vulnerable surface in order to actively defend the runtime phase.
  • How do you get into a CyberSecurity or Cloud Security Career in 2021? Recorded: Mar 18 2021 61 mins
    CSA Triangle Chapter
    Caroline Wong

    Caroline is the CSO at Cobalt.io, a Pentest as a Service (PtaaS) platform that simplifies security and compliance needs of DevOps-driven teams with workflow integrations and high-quality talent on-demand.

    Caroline is a strategic leader with strong communication skills, cybersecurity knowledge, and deep experience delivering global programs. Her practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec product manager, and day-to-day leadership roles at eBay and Zynga. She is also an author, and her writings have helped many in DevSecOps and security metrics.

    Email: caroline@cobalt.io

    My-Ngoc "Menop" Nguyen

    Menop is an accomplished, highly skilled, solutions-oriented executive with notable success in leading, growing, maturing, and sustaining businesses. She is a SANS certified instructor holding the GSLC, GSTRT, GPEN and GCIH certifications. She is also CISSP certified and is the current CEO of Secured IT Solutions, a Las Vegas-based security firm that specializes in cyber security, IT and management consulting.

    Email: myngocn@gmail.com

    Jessica Donahue


    Principal CyberSecurity Account Manager

    Jessica Donahue is a Principal Account Manager at Hays, specializing in Cybersecurity. Located in Raleigh, NC, she is a consultant, advisor, and expert in the Triangle on Security, IT, and Tech hiring and recruiting. Jessica helps her clients with their hiring strategy and provides valuable market insight and information on salary trends. She connects her clients with highly qualified and skilled candidates who meet their hiring needs through contract, contract-to-hire and full time employment. If you are having trouble filling your Cybersecurity position, reach out to Jessica!

    Email: jessica.donahue@hays.com
  • Cloud Breach Incident Response & Forensics Recorded: Mar 16 2021 62 mins
    Mike Raggo, Cloud Security Engineer, CloudKnox Security
    Cloud breaches are on the rise, and none of these breaches are small. Understanding the TTPs is key to determining where to look among the plethora of services available through Cloud Service Providers such as AWS and Azure. In this session we'll enumerate sources of forensic evidentiary data among the vastness of AWS Cloudtrail, GuardDuty, Microsoft Graph, and more. A very clearly defined methodology will be provided as a baseline for combing through this data in a precise and expedited way. Examples from real world breaches will be highlighted providing practical approaches to exposing the attacker's methods and compromise.

    Speaker: Mike Raggo, Cloud Security Engineer, CloudKnox Security

    Michael T. Raggo has over 20 years of security research experience. Over the years he has uncovered numerous vulnerabilities in products including Samsung, Checkpoint, and Netgear. His current research focuses on hybrid cloud security risks and threats. Michael is the author of “Mobile Data Loss: Threats & Countermeasures” and “Data Hiding” for Syngress Books, and contributing author for “Information Security the Complete Reference 2nd Edition”. His Data Hiding book is also included at the NSA’s National Cryptologic Museum at Ft. Meade. A former security trainer, Michael has briefed international defense agencies including the FBI, Pentagon, and Queensland Police; and is a former participating member of FSISAC/BITS and the PCI Council. He is also a frequent presenter at security conferences, including Black Hat, DEF CON, Gartner, RSA, DoD Cyber Crime, OWASP, HackCon Norway, and SANS. He was also awarded the Pentagon’s Certificate of Appreciation.
  • CCSK Training and Certification Guidelines & Introduction to the CCM Recorded: Mar 11 2021 52 mins
    Eleftherios Skoutaris, Innovation Analyst, CSA EMEA, & Ryan Bergsma, Training Director, CSA
    Join the CSA South Florida Chapter as we explore the Certificate of Cloud Security Knowledge (CCSK). The CCSK gives everyone the ability to use cloud services more securely and speak with confidence about cloud security concerns. It gives a broad overview of cloud security and affords critical insights into issues such as data security, key management, and identity and access management.

    This event will introduce Cloud Controls Matrix (CCM), a cloud security controls framework specifically designed to provide fundamental security principles that guide cloud service vendors toward the most secure practices and to assist prospective cloud customers in assessing the overall security of cloud providers.
  • Level Up Your Detection and Response in SaaS Apps Recorded: Jan 27 2021 49 mins
    Ben Johnson, CTO & Co-Founder, Obsidian Security
    Presented by: CSA Washington DC Metro Chapter

    SaaS powers the modern workplace, as organizations move their critical business systems such as email, collaboration, sales and marketing to third-party SaaS applications. With more and more of the business data sitting in these cloud applications, threat-focused teams need to figure out how to run detection and incident response workflows on systems they don’t own and control. Obsidian CTO and former NSA engineer Ben Johnson will discuss how you can get better at detecting, investigating, and responding to unwanted behavior such as unauthorized access across multiple SaaS platforms using native cloud capabilities and third-party systems.

    Speaker: Ben Johnson, CTO & Co-Founder, Obsidian Security

    Speaker Bio: Ben Johnson is CTO and co-founder of Obsidian Security. Prior to founding Obsidian, he co-founded Carbon Black and most recently served as the company's Chief Security Strategist. As the company's original CTO, he led efforts to create the powerful capabilities that helped define the next-generation endpoint security space. Prior to Carbon Black, Ben was an NSA computer scientist and later worked as a cyber engineer in an advanced intrusion operations division for the intelligence community. Ben is active in the cybersecurity community, where he is a technical advisor to the US FISA Court and sits on the boards of multiple security startups.

    Ben earned a bachelor's degree in computer science from the University of Chicago and a master's degree in computer science from Johns Hopkins University. He lives in Newport Beach, CA with his wife and three sons.
  • How Can I Trust a Cloud Provider? Recorded: Jan 27 2021 69 mins
    Alberto Manfredi, Mauro Palmigiani, Umberto Pirivano
    From AGID qualification to the new CSA Trusted Cloud Provider initiative.
    In 2020 we saw further confirmation of the growth of the Italian cloud market, in particular of SaaS service models, thanks in part to the conversion of applications previously developed and installed on-premise. Compliance with cyber security and privacy laws and regulations is also becoming increasingly important. Some of the questions that need to be answered in a customer-provider dialogue are therefore:
    Do I still have control of my information?
    Does the provider have experience in securely managing the new cloud service?
    How do I assess the trustworthiness of the cloud provider?
    From 2021 CSA is offering a qualification path for cloud providers called CSA Trusted Cloud Provider. We will discuss it with our partner Palo Alto Networks in light of their experience qualifying their SaaS services on the AGID marketplace of cloud providers for the Italian public administration (cloud.italia.it). In keeping with the shared responsibility model for cloud security, Palo Alto Networks will show us the best practices that customers should consider in order to achieve an adequate security posture, whatever their level of maturity in adopting cloud IT.
  • Dealing with an Adolescent Cloud Recorded: Dec 15 2020 40 mins
    Ross Young, CISO of Caterpillar Financial Services Corporation
    Summary: Would you like to learn how to secure the cloud? This webcast will go in depth on AWS's 7 secure design principles and walk you through a variety of open source tools that your organization can deploy to secure a cloud environment. For each principle we will demonstrate Fundamental and Advanced approaches to transform any organization.

    Speaker Name: Ross Young

    Speaker info: CISO of Caterpillar Financial Services Corporation, SANS Instructor, Johns Hopkins University Instructor, CISO Tradecraft Podcast Co-Host, and Creator of the OWASP Threat and Safeguard Matrix (TaSM)

    Speaker profile: https://www.linkedin.com/in/mrrossyoung/
  • The Top Threats in the Cloud: Analysis of 9 Attacks and What We Learned Recorded: Dec 14 2020 55 mins
    Paolo Foti, CSA Italy and Marco Rottigni, EMEA Qualys
    The webinar is organized by CSA Italy and Qualys with the aim of analyzing cloud security best practices on the basis of 9 attacks detected against major international companies, then evaluating the applicability of some available approaches and solutions that help identify the vulnerable surface, enrich context, prioritize remediation and maintain a dynamically updated view of the cloud resource inventory and security posture.
  • The Shift to Cloud-Based, Intelligent Ecosystems Recorded: Oct 28 2020 60 mins
    Paul Kurtz, Bob Gourley, Chase Cunningham, & John Yeoh (moderator)
    In a document titled “Cloud-Based, Intelligent Ecosystems” CSA proposes a call to action for security executives to break the endless cycle of iterative tool adoption and, instead, move to data-centric security operations, driving integration and automation leveraging cloud-based fusion. Here, we break down the white paper and open discussion on redefining intelligence, sharing data, today’s overabundance of security tools, and more.

    What you’ll learn:
    - How “intelligence” is being redefined in the industry
    - The challenges of integrating data from internal security tools and external threat feeds.
    - How to build a Cloud-based, secure, intelligent ecosystem
  • Pandemic lessons: opportunities and challenges with contact tracing in Canada Recorded: Sep 25 2020 61 mins
    CSA Canada Chapter
    Like never before, the Pandemic of 2019 has pitched the needs of public health, technology and privacy laws against each other. Canada, like many countries around the world, is struggling to implement efficient contact tracing without violating the privacy of its citizens. Does cloud-enabled contact tracing work? Is modern privacy-preserving technology efficient given the massive scale of tracing and the vast amounts of collected data? What can Canada learn from other countries, and how is it different? Our panel of technology and privacy experts will ponder these and other questions in a lively and frank discussion orchestrated by the CSA Canada Chapter.

    • Tim Grayson – panel moderator, Institute-X Inc. CEO and Transformation Leader
    • Dr. Ann Cavoukian – Executive Director of the Global Privacy & Security by Design Centre, and former 3-term Privacy Commissioner of Ontario
    • Dr. Khaled El Emam – Professor at the University of Ottawa, eHealth Info Laboratory
    • Michael Geist – Canada Research Chair in Internet and E-Commerce Law at the University of Ottawa and a member of the Centre for Law, Technology and Society
    • John Weigelt – National Technology Officer at Microsoft Canada
  • Top Cloud Threats: Understanding and Responding to the Egregious Eleven Recorded: Aug 19 2020 58 mins
    Jon-Michael Brook, Top Threats Co-chair, CSA & Dan Frey, Sr. Cloud Product Marketer, ExtraHop
    The cloud is proven to spur innovation and efficiency, but the speed at which new devices can be added—and new instances spun up—increases risk to data and applications. If you’re concerned about security vulnerabilities in the cloud, you won’t want to miss this conversational deep dive into the Cloud Security Alliance’s annual “Egregious Eleven” report on the top threats to cloud computing.

    Register today to learn more about the top threats from security experts at ExtraHop and the Cloud Security Alliance. You’ll get real-world examples of how those threats can affect your business, as well as steps you can take now to strengthen your security posture. You’ll also see how visibility into network traffic and the ability to analyze full packets speeds incident response and helps make you less vulnerable to new and evolving threats.
  • Banking on the Cloud: Real-World Use and Challenges Across Financial Services Recorded: Aug 5 2020 41 mins
    Craig Balding, FSSP Co-chair, CSA and Founder of Resilient Security & Lianne Caetano, Dir of Cloud Marketing, McAfee
    In this webinar, we will share analysis around cloud usage of financial institutions across three main areas of interest: security concerns, regulatory requirements and governance aspects.

    In this webinar, we will discuss:
    1. Current cloud use in the Financial Sector
    2. Main security concerns such as risk management, threat monitoring and technical controls, i.e., key management
    3. Best practices for secure and compliant cloud adoption
  • Serverless Security in 2020 and what is the future for Serverless Recorded: Jun 12 2020 32 mins
    Vishwas Manral
    Serverless platforms enable developers to develop and deploy faster, allowing an easy way to move to cloud-native services without having to manage infrastructure, including container clusters or virtual machines. This presentation covers security for serverless applications, focusing on best practices and recommendations for security professionals. We will also talk briefly about the need for CI/CD to help secure serverless workloads.
    As part of the presentation we will also talk about the evolution of serverless and what we think the future of serverless security holds.
  • "Security as code" for automated development pipelines Recorded: Jun 12 2020 45 mins
    Andrey Pozhogin, Senior Product Marketing Manager, Hybrid Cloud Security, Kaspersky
    How to avoid letting a supply chain attack compromise your most sensitive machines.
    Supply-chain attacks on software development, in which malicious code is introduced into legitimate software through supply chain poisoning, are an effective tool for cybercriminals. They have been used many times in the wild, with successful attacks generating hundreds of thousands of downloads, leading to successful pipeline compromise and backdoored software distribution. Such attacks tend to target the most sensitive production environments and are enabled and augmented by sub-par security practices and miscommunication between DevOps and InfoSec. The results are long-lasting, impacting the company's image, relations and often the bottom line. Let’s discuss how DevOps can introduce on-demand security to their CI/CD pipelines without hindering their KPIs.
  • Emerging Trends Impacting the European Union Recorded: Jun 12 2020 69 mins
    Daniele Catteddu (CSA), Raj Samani (McAfee), Rich Mogull (Securosis)
    Ten years after the formation of the Cloud Security Alliance, cloud computing is a proven and globally accepted enterprise delivery and operational technology model. According to a January 2019 IDC report, the spending on Cloud IT infrastructure may have reached a tipping point in the third quarter of 2018 by surpassing traditional IT revenues with slightly more than a 50% market share.
    Looking at the European market, on one hand cloud computing appears not to have achieved maturity and expressed its full potential, yet on the other we see several new emerging and converging trends (Industrial IoT, Blockchain and AI). This session will address emerging technology trends and the risk and opportunities in the aftermath of the COVID 19 pandemic.
  • Panel Discussion: GDPR with the CSA Center of Excellence Recorded: Jun 11 2020 54 mins
    Linda Strick (CSA), Nathaly Rey (Google), Marc Lueck (Zscaler), Neil Thacker (Netskope), Blake Brannon (OneTrust)
    This session hosted by the CSA EMEA Privacy Center of Excellence will address accountability under GDPR and how Codes of Conduct and certifications are being leveraged by organizations to drive transparency, compliance, and trust.
  • Introduction to the Code of Conduct Recorded: Jun 11 2020 22 mins
    Paolo Balboni
    GDPR Fundamentals & CSA Code of Conduct: Objectives, Scope and Methodology.
  • Oh $*!%: Security Doesn’t Have to Be a Four-Letter Word for Developers Recorded: Jun 10 2020 58 mins
    Chris Hertz, VP Cloud Security Sales, DivvyCloud by Rapid7 & Jeremy Snyder, Sr. Director, DivvyCloud by Rapid7
    Join Chris Hertz, VP, and Jeremy Snyder, Sr. Director, DivvyCloud by Rapid7 to learn how to achieve full lifecycle cloud security. They will discuss how cloud security challenges manifest in DevOps and how cloud security and developer misalignment creates friction and makes security a four-letter word. Additionally, they will provide guidance on how to integrate cloud security into DevOps with pipelines and Infrastructure as Code to improve developer productivity and cloud security.
  • European Banking Federation on Cloud Recorded: Jun 10 2020 32 mins
    Alexandra Maniati, European Banking Federation
    Alexandra will share insights on the multi-level work of the European Banking Federation (EBF) to facilitate the adoption of cloud computing in the European banking sector. The EBF supports the efforts of European institutions and agencies to promote security for cloud usage, contributing the banking industry's input in shaping processes and standards. Emphasis is placed on the need for a future-proof risk-based approach, alleviation of fragmentation and establishment of a common security level.
  • Establishing a Modern Foundation for Advanced Insight Recorded: Jun 10 2020 65 mins
    Scott Bridgen, GRC Consulting Director, OneTrust GRC
    An effective governance, risk and compliance program should enable all stakeholders across business units to break down traditionally siloed risk areas and replace them with a connected, holistic view of risk that spans their organization and relationships. However, the data sprawl and scope of GRC initiatives can make this seem like a daunting or unattainable task. When reviewing today's roles, responsibilities and technology across today’s data-driven landscape, there are three key aspects that set the foundation for establishing an insightful GRC program. In this session, we’ll review modern-day GRC drivers as well as the challenges of operating in the age of digital enterprises. We’ll break down practical applications and lessons learned in building a risk-based culture, proactively monitoring compliance, and mapping digital enterprises for GRC success.
    − Define business outcomes to own risk within each line of business and encourage support across leadership
    − Understand how to harmonize regulatory obligations and business objectives to effectively balance compliance and risk
    − Learn how to eliminate overlap across systems to work together and add greater business value to every layer of an organization.
Exploring the latest research from CSA.
Go in depth into CSA's latest research on everything from IoT to containers to blockchain. Webcasts will break down the research, provide use cases, instructions for implementation, and further insights.
