PAST EVENTS

Security Architecture Strategies

 

Strategies to secure business driven enterprise architecture.

 

July 8, 2021

 

9:00am-5:00pm CST; 10:00am-6:00pm EST

 

7 CPE / 0.7 CEU / CISSP / 7 PDU Credits Awarded

 

Conference location: ONLINE

      


Overview

 

To build and run applications securely, key architectural components need to be in place. Without infrastructure components such as proper encryption, standard authentication methods and logging standards, developers are challenged to build secure applications. Without proper pre-production testing and event logging and analysis, knowing whether an application is under attack, and whether you should worry when it is, becomes virtually impossible. With the advent of containers and the ability to scale applications across different platforms, the problem is only compounded.

 

This conference will present the key architectural components your company should have in place that will allow you to build, run and monitor applications more securely.


What You Will Learn

 

The C-suite understands that security policies and controls have a direct impact on the ability of organizations to respond to business disruption.

 

In this one-day virtual conference, attendees will learn:

  • My Zero Trust Journey- From Conception to Design and Implementation
  • Scaling App, Service and API Authorization Governance
  • API MythBusters: Crushing Five Security Myths that are Crushing Your Safety
  • What You Don’t Know Will Hurt You: Why ESM is Vital to Your EA Program
  • Zero Trust is Not Hard… if You’re Pragmatic
  • Cyber Warfare: How CISOs are Refining their Security Framework (Panel discussion)

 

Conference Price: $0.00 per person

 

Each attendee will receive a certificate awarding 7 CPE credits for CISSP continuing education, in addition to 0.7 CEUs and 7 PDUs. CISSP is a registered certification mark of (ISC)², Inc.



Conference Program


8:30am – 9:00am CDT: Open Networking


9:00am-10:00am CDT: My Zero Trust Journey- From Conception to Design and Implementation

 

 

Moderator:
Annur Sumar, CTO, Maetech
Featured Speakers:
Ricardo Lafosse, Chief Information Security Officer, Kraft Heinz
Mitch Christian, Information Security Officer – Global, Synergy Global Housing

 

In this session, we will hear from Ricardo Lafosse and Mitch Christian about how they went about designing and implementing Zero Trust in their environments. They will share strategies, tactics, and pitfalls to avoid.

 

 

       


10:00am -10:30am CDT: Networking Break


10:30am-11:30am CDT: Scaling App, Service and API Authorization Governance 

 

Nathanael Coffing, Founder and Chief Strategist, Cloudentity

 

In this session, Nathanael will explore:

  • Current Authorization Challenges
  • Why to externalize Authorization policy management and controls
  • Declarative Authorization; what, how, where for legacy and k8s
  • Consent Based Authorization; privacy consent as a self-service
  • Automating API / service visibility and on-boarding
  • Fine-grained authorization policy and transactional enforcement
  • Governance and reporting of APIs, Identity and Authorization

 

 




11:30am-12:30pm CDT: API MythBusters: Crushing Five Security Myths that are Crushing Your Safety

 

Sean Boulter, Solution Architect, Salt Security

 

Digital transformation and application modernization are exponentially driving up the use of APIs. We’re using more APIs than ever, and they’re more functional than ever. They’re also more attractive to hackers than ever, but lots of organizations are hanging onto old ways of thinking about API security.

 

Join our lively discussion on the top five common industry myths surrounding API security. You’ll learn the pitfalls of some misguided API security approaches, cut through the hype around a few security trends, and get recommendations on how to improve your organization’s API security strategy.

 

Key takeaways:

  • The impact trends such as zero trust, cloud migration, containerization, and shift-left are having on API security
  • The role of traditional security controls in API security – what they deliver and where they fall short
  • The value of a full lifecycle approach in grappling with API security
  • How to deploy dedicated API security that fits today’s automated, agile, and cloud-first environments

 




12:30pm – 1:30pm CDT: Lunch Break


1:30pm-2:30pm CDT: What You Don’t Know Will Hurt You: Why ESM is Vital to Your EA Program

 

Michael Lines, Head of Product Security, LeanIX, Inc.

 

Many Enterprise Architecture programs fail to fully consider SaaS as a part of the asset portfolio, and as a result do not have a sufficient understanding of where and how SaaS is being used to properly guide digital transformation and business enablement. In this session, Michael will review why SaaS needs to be a part of the EA practice, and the key challenges in Enterprise SaaS Management.

 




2:30pm – 3:00pm CDT: Networking Break


3:00pm-4:00pm CDT: Zero Trust is Not Hard… if You’re Pragmatic 

 

Vivian Tero, Senior Product Marketing Manager, Illumio

 

Zero Trust has been in Illumio’s DNA since its inception, even before the security strategy/philosophy became the security buzzword du jour. Illumio was founded to enable enterprises to execute least-privilege security controls, reduce the attack surface, and obstruct the lateral spread of malware and ransomware.

 

There’s been a ton of “zero-trust washing” in the last 12 months. This session is intended to clear up some of this confusion. Here, you will learn:

  • How to make sense of NIST 800-207 (Zero Trust Architecture)
  • Critical capabilities of Zero Trust Systems
  • Top 5 practical steps that Illumio’s enterprise and federal customers have taken to design, build, and advance their zero trust architectures
  • Key lessons learned from Illumio’s own zero trust journey.

 




 


 

Exhibits

As is always the case at CAMP IT Conferences events, the talks will not include product presentations. During the breaks, you will have the opportunity to informally meet representatives from the following sponsoring companies, who have solutions in the area of the conference.


CONFERENCE CO-SPONSORS