Name: Elevating MFA and Modernising IAM
Start: 2025-09-03T17:00:00Z
End: 2025-09-03T17:00:57.000Z
Location: BrightTALK
Rating: 4.3

This channel features presentations by leading experts in the field of information security. From application, computer, network and Internet security to access control management, data privacy and other hot topics, you will walk away with practical advice for your strategic and tactical information security initiatives.

The current data security and privacy protection landscape is awash with tools, acronyms, buzzwords that promise to make data breaches and privacy incidents a thing of the past. Yet hotel chains, healthcare providers, banks, department stores and even governments constantly fall victim to data breaches, ransomware or nation-state attacks. 

The plain truth is that tools are only as good as the people that use them and the processes that go with it. Two thousand years ago, the Roman empire had better military tools than the nations they conquered. Yet through time, the Romans fell to the barbarians and are merely remembered through their ruins. Likewise, companies with the latest and most buzzworthy technology implemented still manage to fall victim to attacks. 

In this presentation, industry thought leader Ralph Villanueva will tap into over 15 years’ experience of data security and privacy protection to show why ultimately, the people behind the tools and the processes they use matter more in securing your organization’s data. 

Key Takeaways:
 - How to best deploy tools in the most cost-effective way to optimize benefits.
 - How to best deploy tools to mitigate data security risks from internal and external threats. 
 - The importance of a balanced and holistic approach to data security that equally considers people, processes and technology.

Tools are Nothing: Why People and Process Matter More in Data Security and Privacy

Cyberattacks are continuing at pace and we're regularly hearing of new data breaches. But who is responsible for ensuring the security of personal data? 

Traditional data protection approaches are failing against modern attack vectors. Organizations need future-ready strategies that go beyond compliance checkboxes to create resilient security frameworks. In this session, we'll explore the current risks to personal data & privacy and delve into the range of models that can be used to protect your organizations critical assets.

This webinar will take you through examples of recent data breaches, identifying the challenges being experienced, learning from what went wrong and how best organizations can plan for the future. Such planning will investigate current good practice, adding some “steroids” to them such that organizations can hopefully stay in front of the next “breach”!

Steve Yates – Chairman of the Resilience Association, will share frontline experience about critical data assets security and protection of user privacy.  

Key Takeaways:

- Be aware of the challenges being experienced in the protection of data security & privacy;
- Understand how best to plan your data resources and capacity to meet tomorrow’s defense;
- Discover the core organizational elements needed for the establishment of a strategic, tactical and operational solution

Strengthen Data Security Strategy for Tomorrow's Resilience Defense

AWS infrastructure offers robust native security mechanisms, but the shared responsibility model places critical configuration burdens on app owners. This creates gaps that attackers can actively exploit through misconfigurations, privilege escalation, and cross-service vulnerabilities which can compromise entire cloud deployments.

Security automation emerges as an essential defense strategy for threat modeling, enabling businesses to enforce security best practices from deployment through ongoing operations. Automated security controls provide continuous monitoring, real-time threat detection, and optimized remediation across AWS services. This ensures a consistent security posture while reducing human error and response times.

Join Ernesto Marquez, Founder and Project Director at Concurrency Labs, to explore proven AWS security automation strategies for threat mitigation.

Key Takeaways: 

- Implement automated security controls that enforce best practices across AWS services 
- Deploy continuous monitoring and real-time threat detection for multicloud environments 
- Configure automated remediation workflows for common security vulnerabilities 
- Integrate AWS security automation tools into comprehensive threat modeling frameworks 
- Establish governance policies that maintain security consistency across cloud deployments

Deploy Automated AWS Defenses for Threat Prevention

As cloud supply chain attacks escalate in sophistication, traditional SBOMs alone prove insufficient for comprehensive security. While SBOMs provide valuable component inventories, they lack runtime verification capabilities—creating a critical blind spot that malicious actors increasingly exploit. This gap between static analysis and runtime behavior represents one of the most significant vulnerabilities in modern cloud environments.

The "Bill of Behavior" (BoB) approach addresses this challenge by providing vendor-supplied profiles of expected runtime behaviors. Generated using eBPF technology, BoBs codify legitimate syscalls, file access patterns and network communications. This enables immediate anomaly detection without custom rule creation, allowing organizations to verify software integrity throughout the supply chain and during execution, dramatically reducing the attack surface while simplifying security operations.

Join Dr. Constanze Roedig, Key Researcher at SBA-Research and Founder of Fusioncore.ai, to discover how this emerging standard complements existing SBOM frameworks to create verifiable trust in your cloud ecosystem.

Key Takeaways:
- Understand how Software Bills of Behavior (SBoBs) create verifiable trust between vendors and clients
- Learn practical implementation strategies using existing OCI distribution standards
- Discover how BoBs significantly reduce attack surfaces across both runtime and supply chain vectors
- Explore immediate benefits of receiving vendor-supplied behavior profiles with software packages
- Discover how CNCF Kubescape allows anomaly detection out of the box

Beyond SBOMs: Runtime Verification for Bulletproof Cloud Supply Chains

Organizations are rapidly adopting AI technologies without fully understanding the security implications. This is creating unprecedented vulnerabilities in cloud environments. In turn, with AI accessible to all stakeholders, the human factor has become the weakest link in cybersecurity defense strategies.

This session addresses critical considerations for IT and cybersecurity leaders to balance business innovation with risk management. Learn how to establish ethical AI frameworks, implement proper access controls, and build awareness programs that protect your organization while enabling AI adoption.

Join Kathleen Mullin, vCISO and Consultant, to explore practical strategies for securing AI in cloud environments while maintaining business agility.

Key takeaways:

• Define clear RACI matrices for AI business risk ownership and accountability 
• Assess whether AI solutions truly meet business requirements vs. alternative approaches
• Establish data governance and access controls specifically for cloud-based AI systems 
• Develop comprehensive AI awareness programs for organizational stakeholders 
• Evaluate current and future cloud AI risks within your security framework

Considerations: Securing the Cloud And In Specific AI

As organizations accelerate cloud adoption, sophisticated security technologies often create a false sense of protection while the most significant threats emerge from within. Human behaviour continues to be the weakest link in cloud security, not due to malicious intent, but through everyday mistakes that inadvertently expose critical systems.

When they create friction, security measures designed to protect can inadvertently increase risk as users will find shortcuts to achieve their legitimate objectives. This session explores the psychology behind user decision-making and reveals how threat actors exploit human nature to bypass cloud defenses, turning legitimate business processes into attack vectors.

Join Simon Ratcliffe, independent management & technology consultant, to discover practical strategies for human-centered cloud security.

Key Takeaways:

- Identify psychological triggers that make users vulnerable to cloud-based attacks 
- Recognize how security friction drives risky user behaviors and workarounds
- Design user-centric security that reduces human error without compromising protection 
- Develop indicators to detect insider threats before they escalate 
- Build security awareness programs that create lasting behavioral change

Securing the Human Element: Why People Remain Cloud Security's Top Vulnerability in 2025

Insider threats are one of the most challenging security risks in multicloud environments, where authorized users can exploit fragmented access controls and limited visibility across platforms. When organizations lack comprehensive oversight of user activities, data flows and privilege escalation paths, the risk posed by human error and malicious insiders is much greater.



Multicloud architectures amplify insider threat risks through inconsistent identity management, scattered audit trails, and complex permission structures that create blind spots for security teams. Strategic threat modeling designed around insider risks enables organizations to map user access patterns, identify privilege abuse scenarios, and implement behavioral monitoring across all cloud platforms before incidents occur.



Join Sandeep Tripathi, IT Solutions Designer at Daimler Truck AG, to discover systematic approaches for detecting and preventing insider threats in complex multicloud environments.



Key Takeaways: 

- Identify insider risk scenarios across cloud platforms using threat modelling frameworks
- Implement comprehensive user behavior analytics and cross-cloud activity monitoring
- Limit insider threat impact and lateral movement using zero-trust access controls.
- Develop incident response protocols for insider-driven security breaches
- Create governance frameworks for managing privileged access in multicloud environments

Mitigate Insider Threats in Multicloud Through Strategic Modeling

Every minute your cloud infrastructure grows, it creates new entry points for potential attacks. As organizations rush to embrace cloud innovations, they're unknowingly building digital labyrinths where traditional security measures fall short.

Cloud security threats are often perceived as purely technical challenges, but the human factor remains one of the most significant and underestimated risks. Misconfigurations, weak passwords, phishing attacks, and inadequate training open doors to breaches even in sophisticated environments. Employees inadvertently expose sensitive data through social engineering, while administrators overlook crucial updates. Insider threats pose significant risks when cloud systems are accessible from anywhere.

Join Jyotirmayee Pradeep Kumar, Vice President of Cloud DevOps at a leading global bank, to explore human factors in cloud security threats.

Key Takeaways: 
- Human error as the leading cause of cloud security breaches 
- Phishing attacks and social engineering threat vectors 
- Managing insider threats in distributed cloud environments 
- Essential security awareness training and culture development 
- Zero Trust architecture implementation strategies

Managing Human Risk in Cloud Security Operations

AI technologies are simultaneously completely transforming business operations and creating new security vulnerabilities that cannot be addressed by technical safeguards alone. When implementing AI-driven solutions, human oversight is the biggest differentiator between secure innovation and catastrophic data breaches. As such, human intervention is both the biggest vulnerability and most significant defense in organizational security architectures.

To address this challenge, IT leaders can build a security champions program—a network of engaged employees who understand AI-specific threats and serve as frontline defenders. This group bridges the gap between security teams and other business units. They spread security awareness throughout the organization while maintaining operational efficiency.

Join Vincent Amanyi to discover proven strategies for empowering a team of security champions who can help safeguard your organization's AI initiatives and digital assets.

Key Takeaways:

- Learn to assess AI-related security risks across all business functions
- Design a people-centric security strategy that combines technical controls and human intelligence
- Establish and structure an effective Security Champions Committee with clear roles and responsibilities

Fortifying the Human Firewall: Cultivating Security Champions in Today's AI Landscape

In today's threat landscape, where the average data breach costs organizations $9 million, your employees represent both your greatest vulnerability and your strongest defense. As AI-powered threats become more sophisticated and remote work expands the attack surface, traditional security awareness approaches are failing to create lasting behavioral change. The human element remains implicated in over 80% of breaches, yet most training programs still focus on compliance checkboxes rather than cultivating security champions.

Effective security awareness requires a strategic approach that addresses psychological barriers, leverages behavioral science and creates sustainable security habits. By reimagining how we engage employees—from executive leadership to frontline staff—organizations can transform their security culture from a perceived burden into a competitive advantage that measurably reduces incident rates and response times.

Join Ralph Villanueva, with 15+ years leading enterprise security awareness programs, to discover proven methodologies that transform employee behavior.

Key takeaways:

- Implement psychological triggers that convert passive training participants into active security defenders
- Design role-specific awareness programs that address the unique risks of different departments
- Measure training effectiveness beyond completion rates with behavior-based security metrics
- Secure executive buy-in by connecting awareness initiatives to tangible business outcomes
- Deploy just-in-time learning techniques that deliver training when employees are most receptive

Transforming Human Risk: 10 Battle-Tested Strategies for Modern Security Awareness

Organizations are investing heavily in advanced security tools. But the most critical—and vulnerable—component of cybersecurity defense is people. As AI-driven attacks and quantum-era risks emerge, the gap between technological capabilities and human cognitive readiness threatens to widen dramatically.

Security professionals face unprecedented pressure when responding to incidents. Even with robust detection and recovery tools, factors like stress, fatigue and decision paralysis can significantly increase recovery times and amplify damage. This presentation introduces an expanded MTTR formula incorporating the "Human Cognitive Factor"—a groundbreaking approach that addresses the psychological dimensions of security response that technology alone cannot solve.

Join Sandra Estok (Founder & CEO, Way2Protect) to discover why preparing employees will determine your organization's survival in the 2026 threatscape.

Key Takeaways:

- Master the expanded MTTR formula that quantifies how human cognitive factors impact recovery timelines
- Identify early warning signs of team cognitive impairment before they compromise your security posture
- Implement practical strategies to build psychological resilience and decision-making clarity under pressure
- Establish metrics that measure human performance alongside technical metrics for comprehensive security assessment
- Learn how leadership decisions about culture, team structure, and psychological safety directly influence threat response effectiveness

Strengthening Your Human Firewall: Closing Cognitive Security Gaps Before 2026

Both endpoint security and endpoint management are becoming more challenging, largely driven by an increasingly complex threat landscape and a greater number (and assortment) of both managed and unmanaged endpoint devices. This, combined with an overabundance of tools deployed to deal with these threats and devices, has created a false sense of security and the inability to process all the data being collected.

 To combat this, organizations are making efforts to integrate the teams, tools, and processes involved, and these efforts are having a positive impact on visibility and awareness. Similarly, organizations are eager to adopt new tools like Autonomous Endpoint Management to help them achieve their goals.

In this session from Endpoint Management and Security Gabe Knuth, you’ll learn both what research reveals about the challenges facing organizations, the risks associated with the status quo, and the path forward to improving overall endpoint management and security.

Overcoming Increasing Endpoint Security & Management Challenges

As organizations continue to accelerate their cloud adoption, the 2026 threatscape reveals an increasingly complex and dynamic environment. Attackers are leveraging AI-driven exploits, supply chain vulnerabilities, and sophisticated cloud-native attack vectors to target critical infrastructure and sensitive data. Meanwhile, regulatory landscapes and compliance requirements are rapidly evolving, demanding stronger governance and resilience strategies.

This session explores the top cloud security threats projected for 2026, including identity compromise, API exploitation, misconfiguration risks, and multi-cloud visibility challenges. It also highlights forward-looking defense strategies, from zero-trust architectures and autonomous remediation to AI-powered detection and response. Participants will gain actionable insights into building a proactive cloud security posture that not only addresses today’s risks but anticipates tomorrow’s challenges.

Emerging Risks, Evolving Defenses and the Future of Cloud Security

AI-powered digital transformation creates a critical security paradox: the systems accelerating innovation are prime vulnerability points. As our data volumes multiply with AI pipelines, organizations face new risks that traditional security frameworks never needed to cover. With AI-related breaches projected to increase significantly in 2025, securing these data flows has become a board-level priority.

Security teams have to be able to balance transformation speed with robust protection across the entire AI ecosystem. This requires rethinking data governance, implementing continuous validation protocols and establishing clear visibility into automated decision paths—all while maintaining the business velocity that AI enables. The challenge isn't just technical; it requires new governance models that align security, data science and business objectives.

Join Oksana Denesiuk (Senior Product Manager, Solution Consultant - Billing, Kaiser Permanente) to discover practical frameworks that will secure AI systems without sacrificing innovation speed.

Key takeaways:

- Identify hidden vulnerability points in AI pipelines that traditional security tools miss
- Implement data lineage tracking and validation protocols across your automation ecosystem
- Establish board-ready metrics that measure AI security posture and data protection efficacy
- Deploy zero-trust principles specifically designed for machine learning environments
- Balance security controls with the speed and scale benefits that drive AI adoption

Neutralizing AI Vulnerabilities: The New Cybersecurity Imperative

AI is a friend, but it can be a terrible foe when not properly used. In cybersecurity, we also see AI as an enabler of cyber-criminal activities and security errors. In this talk, we will focus on what you need to know to defend your enterprise against AI-enabled cyberattacks. We will also discuss how to protect yourself and your company against errors caused by the improper use of AI.

Learning objectives:

- Understand emerging AI-enabled cybercriminal trends
- Recognize and avoid mistakes that stem from blindly trusting AI
- Apply AI effectively to reduce and manage your organization’s threat landscape

I vs AI – AI Threat Landscape 2026

As cyber threats evolve in complexity and impact, organizations need to consider a new strategic direction for addressing "The 2026 Threatscape." This presentation explores whether companies should implement strategies that account for Low Probability, High Impact Events and what it takes to become a High Reliability Organization (HRO).

Organizations that transform into HROs can achieve a return on their cyber-resilience investments and enhanced customer confidence. This requires organizations to acknowledge all failures regardless of size, embrace complexity, empower front-line employees, build resilience and leverage subject-matter experts—all while confronting the rise of AI-powered threats.

In this session, we'll identify potential "undisclosed" risks of significant global disruption and explain why organizations must be perceived as reliable.

Steve Yates - Chairman of the Resilience Association, will share frontline experience on building resilience into both cyber resources and organizational structure. He'll discuss critical scenarios organizations must plan for, while addressing third-party dependencies and the essential human element of cybersecurity.

Key Takeaways:

- Analysis of Low Probability, High Impact Events, with focus on Global Supply Chain vulnerabilities and critical third-party dependencies
- Core components of the High Reliability Organization framework, including principles for embedding resilience processes into daily operations
- Practical strategies for navigating the next wave of Digital Resilience, including challenges to Critical National Infrastructure (CNI) amid technological advancement
- Case studies of recent significant disruptive events that tested major global organizations, with observations on effective defensive capabilities
- Actionable insights for developing a comprehensive strategic approach incorporating training, knowledge transfer, cross-organizational collaboration, and compliance measures

The 2026 Threatscape – Is it Time for a New Strategy?

As AI rapidly transforms the technological landscape, organizations face unprecedented security challenges that mean cybersecurity approaches must evolve. The convergence of AI with enterprise systems introduces new vulnerabilities, from confidential data exposure to emerging threat vectors that traditional security frameworks simply aren't designed to address.

The democratization of AI tools has created a dangerous security gap, with users routinely entering sensitive information and developers uploading proprietary code to public AI systems without adequate safeguards. This vulnerability extends to IoT ecosystems where AI-enabled devices must operate securely even in physically accessible environments—from factory floors to smart buildings. IoT manufacturers typically implement inconsistent, device-specific security protocols rather than adopting industry-standard frameworks, creating fragmented protection against evolving threats.

Cybersecurity leaders play a significant role in this context. They must transition from purely defensive roles to become strategic partners in AI governance, actively shaping AI policy and strategy to address these emerging challenges. Join Rob Clyde, Past Chair of ISACA and Chairman of Crypto Quantique, as he shares essential insights on securing your organization in the AI era.

Key takeaways:

- Learn essential cybersecurity considerations for IoT and other critical systems in the AI era
- Understand how cybersecurity professionals must actively shape AI policy and strategy
- Gain insights from ISACA's recent research on the current state of AI and cybersecurity
- Explore real-world examples of cyberattacks and vulnerabilities involving AI-powered IoT devices
- Discover strategies to address Shadow AI and protect sensitive information in AI systems

Securing the AI Frontier: Evolving Cybersecurity for Tomorrow's Threats

AI is accelerating attacker speed, scale, and creativity. The result isn’t just “more threats,” it’s more inefficient security; overlapping controls, blind spots in identity and SaaS, and testing that lags behind change. The answer isn't in implementing another tool. Instead, it’s about operationalizing control optimization; measuring how each control actually reduces risk in the face of AI-aided techniques and reallocating investment accordingly.

In this talk, Evgeniy Kharam shares a practical, vendor-neutral way to quantify effectiveness: define adversary-centric objectives (ATT&CK-mapped), set baselines, continuously validate controls across identity, endpoint, SaaS, and cloud, and translate outcomes into ROI the business understands. He’ll cover quick wins (days, not months), common pitfalls, and how to use these metrics to justify roadmap and spend for 2026.

Key takeaways:

• A simple model to measure real control effectiveness against AI-driven tactics
• How to find and fix “control drift” created by digital transformation
• What to automate in continuous validation—and what not to
• A board-ready ROI narrative that ties security outcomes to business risk

The Control Optimization Imperative: Security ROI in the Age of AI Threats

It is well understood that the security perimeter is broken. This is why Gartner has reported that 63% of organizations worldwide have implemented a zero trust strategy. Zero trust is not a product but a framework to provide a holistic view on cybersecurity for the entire organization. Implementing zero trust goes beyond technical implementations but also requires a cultural shift. Everyone must actively contribute to its success. To be truly successful in implementing zero trust requires values that are shared across the business and adopted from top to bottom.        

The presentation will provide useful insight and information, including examples, on the cultural shift that will occur when fostering a zero trust mindset. This will allow everyone to recognize the importance of their contributions to the overall security of the business.

Join this discussion to learn:

- Understand how cybersecurity culture is a key component to reduce risk and enhance resilience
- Explore how the zero trust framework changes the way people view cybersecurity
- How to avoid the pitfalls associated with zero trust adoption
- Methods which encourage people, including senior leadership, to embrace the principals of zero trust
- Leverage the zero trust mindset to foster adaptability in the face of an ever-evolving threat landscape
- How other organizations have been able to develop a zero trust cybersecurity mindset

The Zero Trust Mindset: Getting Everyone Onboard

As organizations modernize their security posture, "Zero Trust" has become more than a buzzword. It is now a necessary framework for defending against today's sophisticated cyber threats. While its "never trust, always verify" principles are simple, successful implementation requires careful planning, disciplined execution, and avoidance of common pitfalls.

This session explores the critical do's and don'ts of real-world adoption of Zero Trust, going beyond the theoretical concepts to the prescriptive techniques that enable organizations to make true progress in their Zero Trust journey. It will highlight the practical steps for establishing a strong Zero Trust foundation and building upon it, as well as the common missteps that lead to incomplete or failed attempts and need to be avoided.

Attendees will learn:
- How to align Zero Trust with business priorities
- What foundational components are essential for Zero Trust from both a technology and process perspective
- Where organizations commonly hit roadblocks in implementing Zero Trust

Zero Trust Dos and Don'ts

In the midst of rapidly advancing technological progress, the rise of digitization and remote work has become a prevailing trend. As a result, critical infrastructures are increasingly susceptible to new risks, continually expanding the realm of cybersecurity threats and attack methods. 

Consequently, organizations are more inclined to entertain the notion of paying ransoms to threat actors. It is imperative for organizations to remain vigilant against these emerging threats to safeguard their systems. The recent proliferation of artificial intelligence (AI) technology has given rise to AI-powered cyber-attacks, which are experiencing exponential growth. This development has facilitated cybercriminals in creating sophisticated and innovative malware embedded with new zero-day vulnerabilities. 

AI-powered cyber-attacks leverage machine learning to adapt to evolving defenses and devise novel methods to circumvent them, all while remaining undetected. This enables them to establish an illicit, enduring presence within networks for the purpose of extracting highly sensitive data. 

In order to effectively counter advanced cyber-attacks, organizations must adopt a comprehensive approach and incorporate zero trust principles into their architecture. This involves: 
- Treating every device, node, or entity as a potential threat point. 
- Implementing explicit identification, authentication, and authorization measures. 
- Embracing a default deny model as opposed to a default access model. 
- Developing proactive incident response plans. 
- Providing cybersecurity best practices training for employees. 
- Deploying AI-powered cybersecurity solutions. 

We invite you to engage in thoughtful discourse on these topics, cultivating a clear understanding and exploring strategies for integrating zero trust into your scalable enterprise architecture.

Integrating Zero Trust in a Scalable Enterprise Architecture

In today’s increasingly decentralized IT environments, organizations are facing a modern identity crisis—one where traditional perimeter-aligned security is no longer effective, and identity has become the new attack surface. As cloud adoption, remote work, and third-party access proliferate, meshes of identities and permissions lead to serious risks. As users gain more and more privileges, identities sprawl, and unauthorized access to sensitive data continues to grow, this session is about how to take back full control.

This webinar explores how Zero Trust principles—rooted in continuous verification and least privilege access—can help organizations regain control. By implementing fine-grained Identity and Access Management (IAM) strategies, security teams can reduce risk, enforce policy consistently across hybrid environments, and protect critical assets from identity-based threats.

Zero Trust, Full Control: Tackling the Modern Identity Crisis in Data Security

Join David Holmes — former Forrester analyst and one of the world’s foremost experts on Zero Trust — as he reveals a practical roadmap for enforcing multi-factor authentication and least privilege across your IAM framework.

In this high-impact session, you'll discover:

- Why traditional IAM models are no longer enough

- Where most Zero Trust strategies fall short — and how to fix it

- How to enforce MFA and least privilege without disrupting users

- Proven tactics to eliminate gaps in access control across users, apps, and data

Whether you're just starting your Zero Trust journey or refining your IAM program, this session will equip you with actionable strategies to reduce risk and boost resilience.

Make your Zero Trust model bulletproof. Start by securing identity — without compromise.

Zero Trust Without Blind Spots: Enforcing MFA and Least Privilege Across IAM

Every minute your cloud infrastructure grows, it creates new entry points for potential attacks. As organizations rush to embrace cloud innovations, they're unknowingly building digital labyrinths where traditional security measures fall short. This expanding digital maze demands a smarter approach to security—one that treats every access request, internal or external, as a potential threat.

While organizations recognize the need for Zero Trust architecture, implementing it effectively within Cloud DevOps workflows presents unique challenges. The integration must seamlessly span across containers, cloud services, code repositories, and third-party components without creating bottlenecks in the development pipeline. By embedding Zero Trust principles directly into DevOps processes, organizations can achieve continuous security validation at every stage of the software delivery lifecycle, transforming security from a potential impediment into a competitive advantage.

Join Jyotirmayee Pradeep Kumar, Vice President of Cloud DevOps at a leading global bank, as she reveals practical strategies for weaving Zero Trust security into every phase of your Cloud DevOps journey.

Key Takeaways:

- Learn proven methodologies for implementing Zero Trust controls across your CI/CD pipeline while maintaining development velocity
- Discover best practices for securing infrastructure as code, container deployments, and cloud services using Zero Trust principles
- Master techniques for implementing robust identity and access management within automated DevOps workflows
- Gain insights into establishing effective monitoring and observability patterns that align with Zero Trust architecture
- Understand how to create a seamless security framework that spans from code commit to production deployment

Harnessing Cloud DevOps Techniques to Bolster Zero Trust Security

In an increasingly complex and fast-moving security threat, controls and risk landscape, it's easy to get lost in data, tools, and competing priorities. This session explores how to build risk management techniques that serve your organisation.

There are many ways to judge risk, and many views on security threats and vulnerabilities. We talk about Zero Trust approaches, but can you truly justify why and what is needed and the impact it will have on reducing the risk?

There is a need to model and understand what threats are most relevant to your organisation, and how they could exploit your environments to gain their desired outcomes e.g. criminal gangs looking to sell data or ransom you.

This session demonstrates modelling aligned to real threat intelligence and testing outcomes, and how this equates to defined business risk.

Key Takeaways:
- Storytelling for Impact – How to communicate Zero Trust risk insights effectively to senior management.
- Reshaping with Fundamentals – Using core principles to drive meaningful organisational change towards Zero Trust.
- Cutting Through the Noise – Transforming overwhelming data into actionable, realistic models.
- Truth in Tools – Ensuring risk frameworks reflect reality, not just theory.

Threat-Based Security Risk Management – A Zero Trust Evolution

Enforcing Security with Zero Trust

As cyber threats continue to bypass traditional defences, organisations must move beyond perimeter-based security models. Zero Trust offers a modern approach built on the principle of "never trust, always verify," ensuring security at every layer of access.

This presentation highlights how expanding Multi-Factor Authentication (MFA) and enhancing Identity and Access Management (IAM) are critical enablers of a successful Zero Trust strategy. By deploying MFA universally and strengthening IAM with continuous verification, adaptive access controls, and identity governance, businesses can minimise credential abuse, enforce least-privilege access, and maintain compliance.

Attendees will gain actionable insights into practical implementation steps, best practices, and strategic outcomes for building a resilient Zero Trust architecture.

Elevating MFA and Modernising IAM

Authentication

Zero Trust

Identity Management

Access Management

Security Management

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Elevating MFA and Modernising IAM

Presented by

About this talk

Information Security