TALKS

 
AGENDA
14:30PM
BREAK
13:55PM
Hacking and other amusing activities
Daniel Cutbert
13:30PM
Is The cloud Secure? Is easy if you do it right
Francesco Cipollone - Head of Security Architecture @ HSBC GBM
Director of Event @CSA UK
Cybersecurity Strategist @NSC42
13:10PM
Chapter Overview / Activity & Research
UK Chair & Director of Research​
13:00PM
Introduction / Welcome & Logistics
UK Chapter Chair & Host
14:25PM
Future events and activities
​Francesco Cipollone - Director of Events CSA UK
14:40PM
Election & Voting
CSA - Paul Simmonds
14:50PM
Cloud Transformation Challenges
Xabi Errotabehere - VP of Engeneering @ Cloud Conformity
Justin Kampbell - Head of sales @ Cloud Conformity
15:20PM

Visibility and Control in the Cloud

Chris Hodson - EMEA CISO @ Tanium

15:45PM
Data Governance in a Cloud First World

Dhivya Venkatachalam - Consulntant @ Data Synergie

16:10PM
BREAK
16:20PM
Securing Containers
Dave Walker - Security Architect @ AWS
16:45PM
Securing web API/webApp in the cloud, use cases of API based attacks in the field

Kriti Mohul - Security Engineer Checkpoint

17:55PM
Close
Lee Newcombe - CSA UK Chair
17:05PM
Safe as Clouds. The Journey from Legacy to Cloud-Native Security Principles
Craig Savage - Security Architec @ WMVware
Cloud Pentesting and other amusing things
Daniel Card - Director @ Xservus
17:30PM
18:10PM
Networking and Drinks
Speech Description
13:00PM
13:10PM
13:20PM
13:55PM
14:25PM
14:40PM
14:50PM
15:30PM
15:45PM
16:20PM
16:45PM
Intro & Welcome
CSA Head / HSBC
CSA Chapter
CSA Head
Looking at public cloud security through a new lens
Xabi Errotabehere - CTO @ Cloud Conformity
Чорнобиль AKA Chernobyl
Daniel Cuthbert - Director of research Santander
Past & Upcoming Events
Francesco Cipollone Director of E vent & partnerships CSA UK
Election & Voting
Paul Simmonds CSA UK Co-Chair
Is The cloud Secure? Is easy if you do it right
Francesco Cipollone - Head of Security Architecture HSBC
Director of Event CSA UK, Cybersecurity Strategist
MD NSC42 Ltd
 
 

The talk will take the audience on a journey on the cloud evolution, the recent hacks and the need to make security everyone's responsibility.

The talk will explore major challenges in cloud transformation from an organization and security prospective with top 8 solutions to address them.

The solution will explore:

  • the shared responsibility model

  • Foundation architecture

  • Cloud pattern available

  • Design security and security by design

  • Gamification and the use of EoP in everything security

  • Shift left and bringing security at the beginning of development

  • Security testing and automation

  • DEV-SEC ops and the integration of Security and Business/Architecture

Audience Take Away:

  • When starting a cloud security journey or by being already into one what shall you do and consider.

  • Key security element to consider from day 1 to delivery

  • automation and why is so vital to automate security vulnerability

Visibility in the cloud
Chris Hodson
Data Governance in a Cloud First World

Dhivya Venkatachalam - Consulntant @ Data Synergie

 

Digital Transformations and Cloud ecosystems are an inevitable reality for all modern organisations. In this journey to the cloud, Data Management and Governance becomes the need of the day. Without good data, all existing inefficiencies and limitations get propagated to the clouds. It’s essential to have good quality data available, accessible and secure to derive business value from your cloud implementations. In this session, we will talk about data focussed preparation to start your journey, what to look out for in an implementation and how to make cloud data governance operational. We will also look at data and information assets that help with the implementation, best practices and how best to embed our cloud data governance into Business As Usual

Serverless security in the cloud
Dave Walker @ AWS
This session will touch upon container security constructs and isolation mechanisms like capabilities, syscalls, seccomp and Firecracker before digging into secure container configuration recommendations, third-party tools for build- and run-time analysis and monitoring, and how Kubernetes security mechanisms and AWS security-focussed services interact.
 
Web API attacks - Trends seen in the field
Kriti Mohul - Engeneer Checkpoint
 
Cloud Services are on the increase, and so is the use of Web APIs. Connecting applications, and other services, platforms and third party connections all use Web APIs extensively. This talk will focus on raising awareness of the risks associated with the use of Web APIs, trending attacks.
17:05PM
17:30PM
17:55PM
18:00PM
Safe as Clouds. The Journey from Legacy to Cloud-Native Security Principles
Craig Savage Security Architect @ VMWare USA
 
Most information security (InfoSec) teams have a good handle on the manner in which InfoSec is designed and managed for internal or monolithic applications, but what about the cloud? The VMware InfoSec Architecture function had to redesign and reimagine those structures and models to fit a highly adaptive cloud world—all while taking into account containers, microservices, IoT, and other cutting edge advances our business employing now. Topics covered include a quick overview of the ecosystem at VMware, our methodology for high-performing InfoSec, how we have adapted our old models and architected them into our new services and solutions, and how we created our cloud security architecture model.
Hacking myself first - Building a cloud
enabled capture the flag challenge
Daniel Card Director @ Xervus
With data breaches occurring on what seems to be a daily basis, there must be something that cloud security can offer the world right? Well we are going to go on an offensive and defensive journey to look at how I designed, built and still operate a capture the flag service using cloud technologies and how I used offensive capabilities to ensure I only have the intended flags stolen!
Closing
CSA/HSBC
Networking and Drinks
 

© 2020 by CloudSecurity Alliance UK Chapter