Events

Upcoming Event:

Cloud Access Security Brokers (CASB) – are they effective?: September 22, 2016

Topic
CASB is a hot market segment. With the growth of cloud applications and services, a whole market of cloud security solutions has been born to help enterprises get a handle on their cloud environments. During this chapter meeting we’ll explore the following ideas and more from the viewpoint of both enterprise users and CASB providers:

  • What’s all the buzz about?
  • How do they help solve visibility and security problems, or do they?
  • How do they compare to alternative solutions?
  • What can they do / not do? What are the pros and cons of CASBs?

We’ll start with an overview of CASB market trends presented by Doug Cahill, Senior Analyst with the Enterprise Security Group. Then Jonathan Villa, Practice Lead, Cloud Security, GuidePoint Security will talk about how and where CASB fits into a holistic Cloud Security Strategy.

Finally, Doug will interrogate our diverse panel of enterprise security executives and vendors to get the truth about CASBs. This will be an interactive session, and questions from the audience will be encouraged. As always, this will be a vendor-neutral discussion, intended to educate and explore the market without endorsing specific products.

Our panel will include security executives from enterprises using CASBs:

and vendors:

  • Livius Feinbaum, Solutions Architect, Netskope
  • Doug Felteau, SE Director, SkyHigh
  • Doug Lane, VP of Product Marketing, Vaultive

*Networking session to follow – 6:45 PM onward at Juniper Bar sponsored by GuidePoint Security and Netskope at 237 W. 35th Street, New York, NY 10001 (Come join us for the networking session even if you can’t attend the entire event!).

When
Thursday, September 22, 2016
4:30pm – 6:30pm

Where
Cisco
One Penn Plaza
9th Floor
New York, NY

To learn more about this event, please click here.
________________________________________________________________

Previous Events:
CSA NYC Summit – Enterprise Lessons Learned in Cloud Security: October 28, 2015
The Partnership Between Cloud Providers and Corporate Security Operations: June 15, 2015
Data Protection in the Cloud: April 13, 2015
2014 in Review and 2015 Predictions: December 11, 2014
Joint Chapter Meeting with (ISC)2 NJ Chapter: October 30, 2014
New York Metro Joint Cyber Security Conference (NYMJCSC)
Pharma Cloud and Security, Impact on Security Operations: July 17, 2014
Third-Party Risk Management and the Cloud: June 19, 2014
Governance, Risk and Compliance and the Cloud: April 24, 2014
A Year in Review: December 19, 2013
PRISM: October 17, 2013
Financial Services and the Cloud: August 15, 2013
Application Security: April 18, 2013
Cloud Legal Issues: Contracts, E-Discovery, IP, SLAs: February 21, 2013
Roles and Responsibilities Between Your Company & Cloud Providers: December 18, 2012
Migrating to the Cloud? Things That Your Organization Needs to Think About Now: September 19, 2012
CSO Roundtable on Cloud Computing: June 21, 2012
Healthcare and the Cloud: May 16, 2012
Incident Response in the Cloud: April 26, 2012
Data Governance in the Cloud: March 21, 2012
Understanding FedRAMP and the Federal Cloud Space: February 23, 2012
Governance, Risk and Compliance in the Cloud: January 11, 2012
Risks, Breaches, and User Experiences in the Cloud: December 7, 2011
New York Metro CSA Chapter Inaugural Kickoff Meeting: May 17, 2011

________________________________________________________________
CSA NYC Summit – Enterprise Lessons Learned in Cloud Security: October 28, 2015

Topic
The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan on October 28, 2015. This summit is co-hosted by the CSA NY Metro and CSA Delaware Valley chapters. We expect to draw about 200 well-qualified attendees with an interest in cloud security from the local region.

This “must attend” event brings together industry practitioners and security luminaries for keynotes and panel discussions to discuss cloud security lessons learned by financial services and other industries. It is a fantastic opportunity to hear from thought leaders, network with your peers, and earn some CPE credits.

The CSA Summit New York has the modest cost of $25 and you can register to attend by clicking here.

When
Wednesday, October 28, 2015

Where
Executive Conference Center
1601 Broadway
New York, NY 10019

Speakers include:
- Vinay Patel, Director – Global Head of Information Security, Citi Technology
- Dan Reynolds, VP, Chief of Security & Information Architecture, Omnicom Media Group
- Peter Keenan, CISO, Lazard
- Jim Rutt, Director of IT, Dana Foundation
- Brian Kelly, Chief Security Officer, Rackspace
- Yinal Ozkan, Global Tech Leader, Financial Services, AWS
- Jim Reavis, Co-founder and CEO, Cloud Security Alliance

To learn more about this event, please click here.

________________________________________________________________
The Partnership Between Cloud Providers and Corporate Security Operations: June 15, 2015

Topic
Security operations have changed dramatically in recent years. Perimeters matter less and less, while external threat intelligence and insider risk-based intelligence play an ever more prominent role. As more businesses move to the cloud for core systems and applications, what is the impact on the role of security operations? How is the relationship between the cloud service provider and corporate security developed in this threat-driven security model? How do intelligence-driven security operations function in a cloud environment?

When
Monday, June 15, 2015
3:00pm – 6:00pm

Where
Cisco
One Penn Plaza (34th St between 7/8 Aves)
9th Floor
New York, NY 10119

Speakers include:
- Guy Filippelli, CEO, Red Owl Analytics
- Milan Patel, Managing Director, K2 Intelligence
- Mischel Kwon, CEO, Mischel Kwon Associates

To learn more about this event, please click here.
________________________________________________________________
Data Protection in the Cloud: April 13, 2015

Topic
Cloud adoption is increasing at a pace that shows no signs of slowing. Yet challenges remain, and organizations are especially concerned about visibility and control of their sensitive data in the cloud. Join us for an engaging session providing a variety of perspectives from industry thought leaders regarding current best practices and revolutionary new models that allow you to harness the power of cloud computing without losing control of your organization’s critical information.

Ionic Security will be hosting a Happy Hour after the event to continue the discussions and networking! Details below.

When
Monday, April 13, 2015
2:00pm – 5:00pm

Where
Cisco
One Penn Plaza (34th St between 7/8 Aves)
9th Floor
New York, NY 10119

Speakers include:
- V.Jay LaRosa, Vice President, Global Security Architecture, ADP
- Bryan Orme, Principal, Information Assurance Services, GuidePoint Security
- Mike Rogers, VP of Sales & Derek Owen, Sales Engineer, Ionic Security

Happy Hour Location (Sponsored by Ionic Security)
Lugo Caffe
1 Pennsylvania Plaza (33rd St between 7th & 8th Aves)
New York, NY 10119

To learn more about this event, please click here.
________________________________________________________________
2014 in Review and 2015 Predictions: December 11, 2014

Topic
The Cloud Security Alliance New York Metro Chapter will be hosting a panel discussion looking back over the last year and providing predictions for the future of the cloud computing and security industries. Our executive panel members will discuss key events that have occurred and their impacts on our security posture.

Please join us for a conversation with some of the leading thinkers on cloud security as they share with us their analysis of 2014 and thoughts of what 2015 will bring.

We’re looking forward to a fun evening, an engaging discussion, questions and answers, drinks and networking.

Happy Holidays to all.

When
Thursday, December 11
1:30pm – 6:30pm

Where
Consulate General of Ireland – sponsored by VigiTrust
345 Park Ave (Corner of E. 51st St)
17th Floor
New York, NY 10154

To learn more about this event, please click here.
________________________________________________________________
Joint Chapter Meeting with (ISC)2 NJ Chapter: October 30, 2014
Topic
This chapter meeting will focus on application tactics and protections.

Refreshments will be served.

When
Thursday, October 30
5:30pm – 9:00pm

Where
AIG Office
2 Peach Tree Hill Road
Livingston, NJ 07039

Speakers include:
- Steve Miskovitz, Application Security Engineer for an Alexa Top 100 website
- Cindy Cullen, Security Strategist, Enterprise Security Products at HP

To learn more about this event, please click here.
________________________________________________________________
New York Metro Joint Cyber Security Conference
Topic
The New York Metro Joint Cyber Security Conference is the first collaborative event cooperatively developed, organized and sponsored by the following leading information security industry organizations and chapters:

- Cloud Security Alliance (New York Metro Chapter)
- InfraGard (New York Metro Chapter)
- ISACA (New York, New Jersey and Greater Hartford Chapters)
- (ISC)2 (New Jersey Chapter)
- ISSA (New York Chapter)
- OWASP (New York Metro Chapter)

Driven by the collaboration between members of this coalition, the strength of organizational membership, the provision of desirable CPE credits and the concurrence of National Cyber Security Awareness Month, the NYMJCSC promises to be well attended by members of the information technology, information security, audit, academic, and business communities.

When
Tuesday, October 7
8:30am – 5:30pm

Where
St. Francis College
180 Remsen St.
Brooklyn, NY

Topics of Interest at NYMJCSC 2014:
Our presenters are industry professionals from a variety of sectors and industry verticals and include some of the best-known speakers in their fields on the topics to be covered in the various tracks, including:

- “Threats, Vulnerabilities and Attacks”
- “Governance, Risk and Compliance”
- “Emerging Trends”
- “Audit and Forensics”
- “Application Security”
- “Legal, Regulatory and Standards Review”

This conference also is aligned with the National Cyber Security Awareness Month (NCSAM) activities and seeks to reach a broad audience.
________________________________________________________________
Pharma Cloud and Security, Impact on Security Operations: July 17, 2014
Topic
We will be discussing the pharmaceutical industry’s adoption of cloud technologies and its impact on security operations.

When
Thursday, July 17
6:00pm – 8:30pm

Where
Johnson & Johnson
1003 Route 202
Raritan, NJ 08869

Speakers include:
- Naill Casey, Johnson & Johnson, Director, Security Solutions
- Jim Bearce, Deloitte and Touche, LLP, Head of Fusion Solutions
- Saman Dalal, Merck & Co., Inc. Director, Compliance Officer

To learn more about this event, please click here.
________________________________________________________________
Third-Party Risk Management and the Cloud: June 19, 2014

Agenda
We will be discussing techniques to manage risk introduced by third parties in the cloud.

When
Thursday, June 19
6:00pm – 9:00pm

Where
salesforce.com
155 6th Ave,
10th Fl
New York, NY 10013

Speakers include:
- Jonathan Dambrot, Prevalent Networks, Managing Director
- Joseph Rivela, Breach Intelligence, LLC, Founder and Chief Strategy Officer

To learn more about this event, please click here.
________________________________________________________________
Governance, Risk and Compliance and the Cloud: April 24, 2014

Agenda
Is GRC in the cloud the same as GRC in traditional, on-premise computing? If not, what are the differences? As more, larger and regulated companies seek to take advantage of cloud computing, how should they think about GRC in the cloud?

Join us for a discussion with leading cloud GRC experts as they share what their companies did to meet their requirements. What tools were / were not helpful? And, what would they recommend to others?

In addition, we will present an overview of CSA best practices and frameworks such as the Cloud Controls Matrix (CCM) and the Consensus Assessment Initiative Questions (CAIQ).

The CSA is a member-driven organization dedicated to sharing experiences, lessons learned and best practices. Join us for networking and an informative conversation on the legal, policy and organizational risk issues surrounding GRC.

Speakers include:
- John DiMaria, BSI Group America Inc. CSA OCF, CTP Working Groups
- Zulfikar Ramzan, Elastica, Inc., Chief Technology Officer

To learn more about this event, please click here.
________________________________________________________________
A Year in Review: December 19, 2013

Agenda
2013 was a watershed year for both cloud computing and cloud security. There is no doubt that cloud computing is here to stay as businesses large and small adopt cloud services at an accelerating rate. But not all industries embrace cloud computing alike. Financial services firms, which typically lead in adopting new technology, are lagging in adoption of cloud services. Will they change their tune in 2014? As the year started, no one had heard of Edward Snowden or knew that cloud providers are regularly disclosing their customers’ data to the government, and not just the US Government. As we near the end of the year, it is common knowledge. Will revelations of widespread disclosure affect businesses’ desire or ability to use cloud services? Will other, non-US cloud services grow as a result?

Please join us for a conversation with some of the leading thinkers on cloud security as they share with us their analysis of 2013 and thoughts of what 2014 will bring.

We’re looking forward to a fun evening, an engaging discussion, questions and answers, drinks and networking.

Happy Holidays to all.

Speakers include:

  • Pete Dentico (Technical Director IT Infrastructure and Client Security), Ogilvy & Mather
  • Boaz Gelbord (CISO), Amplify
  • Mark Lobel (Partner), PwC

To learn more about this event, please click here.
________________________________________________________________
PRISM: October 17, 2013

Agenda
The ongoing disclosure of the extent of PRISM and other government programs, both domestically and abroad, has raised major privacy and confidentiality concerns for customers of cloud-based services. A recent CSA survey of 500 respondents found that 56% of non-US residents were less likely to use US-based cloud providers, in light of recent revelations about government access to customer information.

Companies have fiduciary obligations and other requirements to keep corporate data not only secure, but also private and confidential. In light of ongoing revelations, should companies be concerned about going to the cloud? What can businesses do to preserve the confidentiality and privacy of their data? Do the revelations raise the risk that new data residency requirements will restrict the use of cloud-based services?

The NY Metro Chapter of the CSA will be hosting an event to address these and other questions.

Speakers include:

  • Jerry Archer (Chief Security Officer), Sallie Mae
  • Chris Soghoian (Principal Technologist and a Senior Policy Analyst), ACLU Speech, Privacy and Technology Project
  • Elad Yoran (CEO), Vaultive, Inc.

To learn more about this event, please click here.
________________________________________________________________
Financial Services and the Cloud: August 15, 2013

Agenda
Like all other businesses, financial services firms, from global banks to insurance companies to hedge funds, strive to deliver IT capabilities that meet the ever-changing needs of their customers, whether enabling greater use of websites, mobile devices, social media and more. Likewise, as with all other businesses, financial services firms seek to drive down IT costs. However, unlike other industries, financial services firms face a large and growing regulatory burden that impacts every IT process and decision.

One of the most important trends in IT is cloud computing, which promises greater scalability, cost efficiencies and ease of use. It is not surprising that the use of cloud computing has been forecasted to grow at rates well above traditional IT spending for the foreseeable future.

  • Given their regulatory burden, can financial services firms take advantage of cloud computing?
  • How do financial services firms meet their regulatory requirements in the cloud?
  • How can financial services firms maintain control of their cloud data when it is hosted in a third party environment?
  • Is the cloud secure enough for financial services firms?
  • What about various international laws governing data usage and privacy?
  • How does the cloud impact data retention? Data disclosure? E-discovery?
  • Are the challenges of cloud computing too high for financial services firms or can they find a way to take advantage of the cloud and still meet their requirements?

Speakers include:

  • Mallik Prasad (Secretary), (ISC)2 NJ Chapter
  • Rudy Bakalov (Principal), Accenture Technology Consulting
  • Gurdeep Kaur (Director, Information Security), AIG Global Finance

To learn more about this event, please click here.
________________________________________________________________
Application Security: April 18, 2013

Agenda
When adopting or developing applications for the cloud, how do you ensure that those applications meet the right security level to match the data that’s moving to the cloud? Join cloud application security experts from the industry to give you some useful information in this area.

Speakers include:

  • Jason Kent (Director) and Jason Falciola (Technical Account Manager), Qualys
  • Shyama Rose (Director, Software Security Engineering), CBS

To learn more about this event, please click here.
________________________________________________________________

Cloud Legal Issues: Contracts, E-Discovery, IP, SLAs: February 21, 2013

Agenda
So you’ve moved your data to the cloud. What are the implications for your corporate data now? What happens to legal disclosure requests? What happens to attorney-client privileged data? Does my SLA cover the answer to all of this? Industry cloud experts with a special focus on these legal aspects of the cloud will provide their insight and guidance on these and more issues.

Speakers include:

  • David Snead (Attorney at Law), W. David Snead, P.C.
  • Walter Delacruz (Of Counsel), Moses & Singer LLP

To learn more about this event, please click here.

________________________________________________________________

Roles and Responsibilities Between Your Company & Cloud Providers – December 18, 2012

Agenda
Most organizations, including very sophisticated ones, that put their data in the cloud do not understand the various parties in the process and each party’s roles and responsibilities. Some consumers may even believe that everything falls on the cloud provider. Industry experts will share their insight into how the breakdown of responsibilities is actually distributed.

Speakers include:

  • Peter Laberee (Founder), Laberee Law PC
  • Steve Coplan (Sr Director Marketing & Strategy), Vaultive
  • Jakub Skoniecki (Security Technology Solutions Professional), Microsoft
  • Frank Roppelt (VP, Corporate Data Security), Bank of Tokyo-Mitsubishi UFJ

To learn more about this event, please click here.

________________________________________________________________

Migrating to the Cloud? Things That Your Organization Needs to Think About Now – September 19, 2012, 6:00-10:00pm

Agenda:
Making the decision to move your organization to the cloud is a significant one, but the road leading up to the actual move provides many things to consider.

  • How do you ready your organization for the move to minimize impact?
  • What are the security challenges of the migration and how do you manage the risks?
  • What changes need to happen in the midst of migration?

Speakers:

  • Rick Dakin (CEO & Chief Security Strategist), Coalfire
  • Henry Bestritsky (CIO/CSO), Binary Tree
  • Jessvin Thomas (VP, Information Risk & Security), The Blackstone Group

To learn more about this event, please click here.

________________________________________________________________

CSO Roundtable on Cloud Computing: June 21, 2012, 6:00-9:00pm

Within most corporations, the decision of whether or not an organization should make a move to cloud technology solutions falls to the CSO. We’re bringing together CSOs from different industry verticals to share the stories of their decisions around moving or not moving to cloud technologies and what lessons they’ve learned in the process.

Participating CSOs include:

  • Dennis Dickstein – Chief Privacy and Information Security Officer (UBS Wealth Management Americas)
  • Lloyd Hession – Senior Advisor and former CSO (Bridgewater Associates)
  • Benjamin Nathan – Director, Operations and Infrastructure (Weill Cornell Medical College)
  • Steve Attias – Chief Information Security Officer (New York Life Insurance Company)

To learn more about this event, please click here.

________________________________________________________________

Healthcare and the Cloud: May 16, 2012

The NYC Metro Chapter of the Cloud Security Alliance presents Healthcare and the Cloud: Concerns and Practical Applications.

Join leading industry technologists in a Healthcare in the Cloud-focused discussion.

What concerns are there around storing HIPAA-related data in the cloud? What are the unique items to consider when moving healthcare data to the cloud?

Industry professionals specializing in this area will weigh in. Please come along to join in the discussion.

Speakers include:

  • Stephen Rayda, Chief Technology Officer (Purdue Pharma)
  • Patty Long, Director of Global Security Operations (Johnson and Johnson)
  • Steven Polinsky, CIO (CenterLight Health System)

To learn more about this event, please click here.
________________________________________________________________

Incident Response in the Cloud: April 26, 2012

As more organizations leverage cloud technologies, compromises in these new mediums will undoubtedly follow. Spend an evening with the CSA NY Metro chapter and some of the forward-thinking minds in this area exploring this subject.

Speakers include:
- Denise Hucke, ADP (VP Global Technology Security Services)
- Jakub Skoniecki, Microsoft (Security Solutions Professional)

Additionally, Pam Fusco, CSA-NYM President will moderate a panel with industry experts, including: Paul Davis, ThreatGRID (VP Deliver).

To learn more about this event, please click here.

________________________________________________________________

Data Governance in the Cloud: March 21, 2012

Governance and the management of cloud data are important. Cloud Data Governance is a discipline involving the processes, roles and technologies for managing and governing data in cloud computing environments. The CSA has invited some thought leaders in this space to weigh in on this topic, and we have the results of the Cloud Security Alliance’s Data Governance Survey to shed some light on how the industry as a whole is faring in this space, with recommendations for the industry going forward.

To learn more about this event, please click here.

________________________________________________________________

Understanding FedRAMP and the Federal Cloud Space: February 23, 2012

The CSA has invited leading authorities and consumers of the Federal Risk and Authorization Management Program (FedRAMP) to discuss the program itself, how it ties into 3rd Party Assessments and the private sector companies that work within its framework. We will present an overview of FedRAMP including the recently released baseline controls, a discussion around the 3rd Party Assessment Organizations and their relationship to FedRAMP, and we’ll also hear from a private sector company who works in the cloud space and how they are approaching FedRAMP in their business.

To learn more about this event, please click here.

FEDRAMP and 3PAO Presentation Final

Correct FedRAMP Conops 2.23.12_CSANY

________________________________________________________________

Governance, Risk and Compliance in the Cloud: CSA’s leading practices to address Legal, Policy and Organizational Risk Issues and a practical application example: January 11, 2011

The CSA has brought together some of the largest cloud providers and cloud customers to define the most important pieces of Governance, Risk and Compliance in the Cloud. The resulting frameworks are the CSA’s Cloud Controls Matrix (CCM) and Consensus Assessment Initiative Questions (CAIQ). We will present an overview of these CSA frameworks, hear from experts on how they’ve utilized this work with their clients, and discuss the legal, policy and organizational risk issues surrounding GRC.

To learn more about this event, please click here.

________________________________________________________________

CSA NY Metro December Meet-up: Risks, Breaches, and User Experiences in the Cloud: December 7, 2011

During this session we delved into how enterprises today are dealing with the challenges around implementing cloud computing solutions and discussed how the Cloud Security Alliance can help organizations make more informed decisions. We started by talking about the differences between private, public, and hybrid clouds and the impact of choosing one solution over another. We highlighted some specific areas of risk, including: policy and organizational (ex: loss of governance), technical (ex: availability and accountability), and legal risks (ex: subpoena). Finally, after examples from the recent news (ex: DropBox authentication) as well as specific user experiences, we focused on what the CSA is doing today and how it can help organizations.

CSA NYC.riskTolerance

________________________________________________________________

New York Metro CSA Chapter Inaugural Kickoff Meeting: May 17, 2011

Agenda
6:00-6:15 – Introductory comments and welcome
6:15-6:30 – Overview of NY Metro CSA Chapter
6:30-6:50 – Committee Chair Presentations
6:50-7:20 – Moderated Discussion on Chapter topics / Cloud points of interest
7:20-8:00 – Peer Networking

See below for the presentation from this meeting.

CSANYMetro Inaugural Event 5172011