Tony Ucedavelez

Biography

Tony is the founder and CEO of VerSprite – a global security consulting firm based in Atlanta, GA. He is also the author of Wiley’s Risk Centric Threat Modeling, a book based upon a patented methodology that applies a risk or asset centric approach to threat modeling. Tony has spoken at numerous OWASP, ISACA, ASIS, ISC2, ISSA, and BSides conferences across four continents on the topics of application security, risk management, threat modeling, secure software development life cycles, and also conducted various training briefings to both development groups and company executives who need to understand the impact of security programs to business/product objectives. Tony’s 20 years of IT/IS experience began with hands-on operations in the areas of system administration, network engineering, software development. His IT formation, combined with his work in penetration testing, dynamic/ static application testing, security architecture, vulnerability, and risk management, has served Tony well to speak on realistic challenges and solutions for IT groups and businesses alike in applying realistic security measures to enterprise processes. Tony serves as interim CISO for various startups and mid-size organization and is responsible for the overall build out of these security programs.

Prior to starting VerSprite, Tony served as a professional security consultant at Dell-SecureWorks and Symantec, and also worked as a security leader across various Fortune 500 banking, financial, and information services organizations in the global Fortune 500 ranking. Tony’s leadership roles experience in security includes companies such as Equifax, SunTrust Banks, Morgan Stanley, Symantec, and SecureWorks.

Since late 2007, Tony has led the OWASP Atlanta Chapter, where he manages monthly workshops and events for the Atlanta web application security community. He also organizes BSides Atlanta – an underground grassroots un-conference that takes place annually and providing new ideas and real conversations/solutions around common challenges in InfoSec today.

Presentation Title

Presentation: Cloud Security and Mitigating Vulnerabilities

Presentation Overview

As cloud adoption moves forward, privacy and security risks in application coding need to be recognized and addressed. This discussion will focus on lessons learned as new cloud solutions are becoming available with the promise of reduced IT infrastructure costs, improved integration, and the capability of data analytics. The privacy and security challenge is to go beyond the historical approach of relying on contractual risk controls and effectively manage the risks of using these new types of third party services. In order to take this approach, it is essential to understand the typical business arrangements of many new cloud services and the importance of mitigating application security vulnerabilities. Learn about the latest challenges in Cloud migration for companies operating in the service sector and what important mitigation steps should be taken.