2021

Title: The Practical Side of DevSecOps Abstract: DevOps practices are in a place; containers are everywhere, pipelines are flying. We do Agile. We do DevOps. Now we try to follow security practices for protecting the deployed resources, too. This is a reason why DevSecOps is not hyped anymore and is gaining more prominence. There is […]

Rich Baich is AIG’s Chief Information Security Officer. In this role, he is responsible for developing, implementing, and operating an information security strategy to address AIG’s cyber risks. He is responsible for protecting AIG’s data, managing cybersecurity related risks, and ensuring regulatory compliance, while enabling the business. Prior to joining AIG, Rich was the chief […]

Cyber Insurance Panelist Bio: Mike Brannon is an experienced IT professional and long-term employee at National Gypsum Company (NGC). Branon leaxds the teams that provide infrastructure and security – We “Keep National Gypsum Running”. An IT-oriented community activist and serial networker! Presently serving on the board of Ballantyne IT Professionals – steering their CISO breakfast […]

Bio: Amy Braswell is the Chief Information Security Officer at TIAA Bank. In this role, Amy and her team are responsible for all aspects of information and cyber security. Her team manages security operations, identity and access management, security architecture, data protection, vulnerability management, risk assessments, and awareness programs. Previously, Amy worked for Wells Fargo […]

Cyber Insurance Panel Bio: Roger Callahan has over 50 years of prior experience spanning executive management and engineering responsibilities within both the National Security community and the Financial Services industry. He served as the Director for Information Assurance in the Office of the Assistant Secretary of Defense for Command, Control, Communications and Intelligence (1995-1998). At […]

Title: From API Information Leakage to Pwned AWS Accounts Abstract : In this talk, I will show a set of AWS resource policy APIs that can be abused to leak the existing users and roles in arbitrary AWS accounts. Using this technique, I conducted a reconnaissance research on GitHub to look for AWS accounts with […]

Title: Securing Generation DevOps – The Cloud Developer Abstract: Requirements on developers has shifted over the last 5 years. Team sizes are shrinking but responsibilities are growing with DevOps and accelerated SDLC. A Cloud developer must become fluent in software architecture, testing, deployment, telemetry and even security. It is less about multi-layer and more about […]

Title: Cloud Native technologies (Containers and Microservices): Security & Compliance Abstract: Industry experts talk about the future of computing, they typically aren’t just discussing infrastructure elasticity or cloud-based applications and services. These conversations revolve around transformation through application innovation, providing advanced predictive services to customers that are driven by an integrated user experience. This could […]

Title: Making Security & Legal Best Friends Abstract: Regulation, legal judgements, settlements, and common practices define today’s “best practices” in cyber and information security programs. The best security tool is not enough unless its aligned to evolving legal practices. Make the company lawyer your friend and get their help mapping your program to standards defined […]

Title: TBD Abstract: TBD Bio: Vinicius Da Costa is a senior vice president at Bank of America, responsible for delivering Zero Trust Architecture. Vinicius is an Information Technology and Security professional with 25 years of experience in financial services, retail and consumergoodsindustries. Heisastrongadvocateofdiversityandinclusion through his volunteering with Citizen Schools program to enhance education of low […]