TALKS

AGENDA

14:30PM

BREAK

13:55PM

Hacking and other amusing activities

Daniel Cutbert

13:30PM

Is The cloud Secure? Is easy if you do it right

Francesco Cipollone - Head of Security Architecture @ HSBC GBM

Director of Event @CSA UK

Cybersecurity Strategist @NSC42

13:10PM

Chapter Overview / Activity & Research

UK Chair & Director of Research​

13:00PM

Introduction / Welcome & Logistics

UK Chapter Chair & Host

14:25PM

Future events and activities

​Francesco Cipollone - Director of Events CSA UK

14:40PM

Election & Voting

CSA - Paul Simmonds

14:50PM

Cloud Transformation Challenges

Xabi Errotabehere - VP of Engeneering @ Cloud Conformity

Justin Kampbell - Head of sales @ Cloud Conformity

15:20PM

Visibility and Control in the Cloud

Chris Hodson - EMEA CISO @ Tanium

15:45PM

Data Governance in a Cloud First World

Dhivya Venkatachalam - Consulntant @ Data Synergie

16:10PM

BREAK

16:20PM

Securing Containers

Dave Walker - Security Architect @ AWS

16:45PM

Securing web API/webApp in the cloud, use cases of API based attacks in the field

Kriti Mohul - Security Engineer Checkpoint

17:05PM

Safe as Clouds. The Journey from Legacy to Cloud-Native Security Principles

Craig Savage - Security Architec @ WMVware

Cloud Pentesting and other amusing things

Daniel Card - Director @ Xservus

17:30PM

18:10PM

Networking and Drinks

Speech Description

13:00PM

13:10PM

13:20PM

13:55PM

14:25PM

14:40PM

14:50PM

15:30PM

15:45PM

16:20PM

16:45PM

Intro & Welcome

CSA Head / HSBC

CSA Chapter

CSA Head

Looking at public cloud security through a new lens

Xabi Errotabehere - CTO @ Cloud Conformity

Чорнобиль AKA Chernobyl

Daniel Cuthbert - Director of research Santander

Past & Upcoming Events

Francesco Cipollone Director of E vent & partnerships CSA UK

Election & Voting

Paul Simmonds CSA UK Co-Chair

Is The cloud Secure? Is easy if you do it right

Francesco Cipollone - Head of Security Architecture HSBC

Director of Event CSA UK, Cybersecurity Strategist

MD NSC42 Ltd

The talk will take the audience on a journey on the cloud evolution, the recent hacks and the need to make security everyone's responsibility.

The talk will explore major challenges in cloud transformation from an organization and security prospective with top 8 solutions to address them.

The solution will explore:

• the shared responsibility model

• Foundation architecture

• Cloud pattern available

• Design security and security by design

• Gamification and the use of EoP in everything security

• Shift left and bringing security at the beginning of development

• Security testing and automation

• DEV-SEC ops and the integration of Security and Business/Architecture

Audience Take Away:

• When starting a cloud security journey or by being already into one what shall you do and consider.

• Key security element to consider from day 1 to delivery

• automation and why is so vital to automate security vulnerability

Visibility in the cloud

Chris Hodson

Data Governance in a Cloud First World

Dhivya Venkatachalam - Consulntant @ Data Synergie

Digital Transformations and Cloud ecosystems are an inevitable reality for all modern organisations. In this journey to the cloud, Data Management and Governance becomes the need of the day. Without good data, all existing inefficiencies and limitations get propagated to the clouds. It’s essential to have good quality data available, accessible and secure to derive business value from your cloud implementations. In this session, we will talk about data focussed preparation to start your journey, what to look out for in an implementation and how to make cloud data governance operational. We will also look at data and information assets that help with the implementation, best practices and how best to embed our cloud data governance into Business As Usual

Serverless security in the cloud

Dave Walker @ AWS

​

This session will touch upon container security constructs and isolation mechanisms like capabilities, syscalls, seccomp and Firecracker before digging into secure container configuration recommendations, third-party tools for build- and run-time analysis and monitoring, and how Kubernetes security mechanisms and AWS security-focussed services interact.
 

Web API attacks - Trends seen in the field

Kriti Mohul - Engeneer Checkpoint

Cloud Services are on the increase, and so is the use of Web APIs. Connecting applications, and other services, platforms and third party connections all use Web APIs extensively. This talk will focus on raising awareness of the risks associated with the use of Web APIs, trending attacks.

17:05PM

17:30PM

17:55PM

18:00PM

Safe as Clouds. The Journey from Legacy to Cloud-Native Security Principles

Craig Savage Security Architect @ VMWare USA

​

Most information security (InfoSec) teams have a good handle on the manner in which InfoSec is designed and managed for internal or monolithic applications, but what about the cloud? The VMware InfoSec Architecture function had to redesign and reimagine those structures and models to fit a highly adaptive cloud world—all while taking into account containers, microservices, IoT, and other cutting edge advances our business employing now. Topics covered include a quick overview of the ecosystem at VMware, our methodology for high-performing InfoSec, how we have adapted our old models and architected them into our new services and solutions, and how we created our cloud security architecture model.

Hacking myself first - Building a cloud
enabled capture the flag challenge

Daniel Card Director @ Xervus

​

With data breaches occurring on what seems to be a daily basis, there must be something that cloud security can offer the world right? Well we are going to go on an offensive and defensive journey to look at how I designed, built and still operate a capture the flag service using cloud technologies and how I used offensive capabilities to ensure I only have the intended flags stolen!

Closing

CSA/HSBC

Networking and Drinks