Security teams are challenged to modernize application security practices in light of accelerating shifts to DevOps delivery models and rapid adoption of cloud-native application designs. Applications built on microservices (e.g. serverless, containers, APIs) and delivered continuously are outpacing application security teams' ability to secure them. CISOs need to consider new skills, new touch points and new platforms to maintain a strong security posture in light of these trends and the speed at which they are reshaping IT.
Application Security in a DevOps, Cloud and API World
CISO Council
October 14, 2021
Speakers
Karl Mattson
CISO
Noname Security
CISO Council Speaker
As a future-oriented information security executive my key strength is coaching and educating cybersecurity companies on listening to and interpreting the pain-points and priorities of enterprise customers. These insights help drive effective product strategies, go-to-market strategies and ongoing customer success. Over the years, I’ve had the privilege of advising several cyber entrepreneurs who are now thriving. On the heels of their success, I was looking for a new challenge. In 2020, I had the opportunity to meet with the Noname Security team early in its platform design. Recognizing that they were on the verge of solving several challenges in securing APIs, I wanted to be a part of their exciting adventure. I joined Noname as Chief Information Security Officer, where I’m currently establishing a rigorous standard for operational and security excellence, in addition to advocating for ongoing platform changes based on our customers’ needs.
ABOUT NONAME SECURITY: Noname Security ensures secure APIs at the speed of business with the most powerful, complete and easy-to-use API security platform. How do I know it works? I was their first customer! I believe in the platform and want to share it with the world. According to Gartner, APIs will be the #1 attack vector by 2022. Gateways and WAFs don’t protect against API breaches or find misconfigurations. API testing and bug bounty programs have significant gaps, leaving businesses exposed. Noname resolves API vulnerabilities across 4 key pillars, or as we call it, DART:
➤ Discover
➤ Analyze
➤ Remediate
➤ Test
We’ll find and take inventory of all existing APIs, use AI-based detection to illuminate risks, block attacks in real time and run tests to ensure API integrity before production.
WHAT YOU CAN EXPECT:
➤ Solid engineering underpinning a product that’s ahead of the competition
➤ Flexible deployment model with many integrations that adapt to your business
➤ Coverage of the 3 main areas needed to protect APIs: posture management, detection and response and code security
What are you doing to protect your company’s digital content? Keep your company’s APIs out of the news with Noname Security.
LEARN MORE: See what our customers are saying about us and find more information on our website: www.nonamesecurity.com
Bill Merritt
Principal Architect, IT Security (Security & Privacy)
Gilead Sciences
CISO Council Speaker
Senior Architect/Manager with extensive experience in managing enterprise risk, network system architecture, security design, and administration. Experience includes managing and assessing in-house, co-located and cloud-hosted enterprise network environments, large messaging environments, as well as disaster recovery, business continuity, information security, and local and network software development and deployment. Experience also includes management of large and complex projects including application and datacenter deployments and migrations, and the use of SDLC processes including Agile and Six Sigma methodologies, as well as large integration projects matching business needs to the proper technology and implementing the solution in enterprise and mobile environments. Managing and supervising direct staff of 5 to 140, as well as personnel from technology consulting partners.
Gary Hayslip
CISO
SoftBank Investment Advisers
CISO Council Speaker
Experienced Global Chief Information Security Officer with repeated success delivering innovative security programs to safeguard billion-dollar enterprises at every touchpoint. Intensely focused on driving continuous improvement that maximizes security program efficiency and minimizes costs. An insightful thought leader with proven business acumen and commitment to organizational mission, values, and goals. Demonstrated ability to collaborate at all levels to champion new ideas, gain buy-in, and build consensus. Exceptional communication and public speaking skills; adept at presenting multifaceted security & risk concepts to audiences of varying knowledge levels.
Larry Whiteside
Co-Founder & President
Cyversity
CISO Council Speaker
Larry Whiteside Jr. is a veteran CISO, former USAF Officer, and thought leader in the Cybersecurity field. He has 25+ years’ experience in building and running cybersecurity programs, holding C Level Security executive roles in multiple industries including DoD, Federal Government, Financial Services, Healthcare, and Critical Infrastructure.
Larry currently serves as the Chief Technology Officer and Chief Security Officer at CyberClan, a full service Global Incident Response and Managed Security Services Provider for the small to medium sized business.
Larry is also the Co-Founder, President, and on the Board of Directors at the International Consortium of Minority Cybersecurity Professionals (ICMCP), a 501(c)3 non-profit association that is dedicated to increasing the number of minorities and women in the cybersecurity career field by providing workforce development that includes skills assessment, training, education, mentorship, and opportunity.
Since 2009, via Whiteside Security, which he founded, Larry has advised several corporate security executives and companies across the cybersecurity industry on how to make cyber security a number one objective for their business. He has helped CEOs and board members of private cybersecurity companies achieve their goals in sales, marketing, and customer retention.
Larry has spoken in front of C Level leadership and Board of Directors of some of the largest private and public sector organizations in America. A thought leader in the industry with extensive experience presenting at conferences such as the Gartner Security Summit, RSA Conference, and SC World Congress, Larry has been featured in many articles relating to information security and risk management.
Larry received his Bachelor of Science degree in computer science at Huston-Tillotson University.
Sujeet Bambawale
CISO
7-Eleven
CISO Council Speaker
It is an honor and a privilege to serve as the Chief Information Security Officer of an iconic global brand that has a deep, cherished, always-on connection into communities everywhere. Information Security at 7-Eleven focuses on maintaining and enhancing an industry-leading, comprehensive and cohesive security fabric around our business value drivers in a customer-obsessed manner. The 7-Eleven Information Security organization brings together the various technical domains within Information Security with the force multipliers of Governance, Risk and Compliance as well as Data Protection to facilitate unified accountability and expedient action.
I came to 7-Eleven from Symantec's Consumer Business Division where I had the honor of driving a global security engineering portfolio. Prior to joining Symantec via the LifeLock acquisition, I spent 5 years at NetApp, and over 10 years with Intuit, after working with the information security and risk management teams at Ernst & Young and KPMG. I have been responsible for leading key security initiatives that helped integrate security into the culture of the company and extend the brand into global markets. It has been a great honor to lead NetApp's ISO27001 recertification, speak at NetApp's conferences in Berlin and Tokyo and be a recipient of Intuit's Innovation Award. At Ernst & Young and KPMG, I was responsible for developing risk mitigation strategies primarily for Fortune 500 clients in the financial and technology sector.
My focus is on maturing the organization's security posture by driving execution to a well-socialized and accepted security strategy that benefits internal and external stakeholders through a pragmatic mix of building cross-organizational relationships and developing people managers. I have a Master's degree in Electronics Engineering and am a Certified Chief Information Security Officer (C|CISO), a Certified Information Security Manager (CISM) as well as Certified in the Governance of Enterprise IT (CGEIT). Most recently, I was fortunate to learn about organizational leadership at global scale, with a focus on innovation and cybersecurity, from my professors and colleagues at the Haas Business School at UC Berkeley.
I support the local and global security community by contributing to non-profit security organizations in a leadership capacity, offering mentorship and being an executive sponsor for key initiatives like Women in Technology, hiring veterans and academic programs designed to help kids & young adults stay safe online.
Eric Staff
CTO/CISO
Community Medical Centers
CISO Council Speaker
Community Medical Centers is a private, not-for-profit healthcare network based in Fresno, California, operating four hospitals, a cancer institute along with several long-term care, outpatient and other healthcare facilities. Eric, as Chief Technology and Information Security Officer, has a demonstrated history of working in the hospital & health care industry. Skilled in Healthcare Management, Information Security, Performance Improvement, Healthcare Information Technology (HIT), and Revenue Cycle. Strong information technology professional with a Master of Science (M.S.) focused in Cyber/Computer Forensics and Counterterrorism from University of Phoenix.
October 14, 2021
Council Agenda
All times Pacific Standard Time (PST)
3:00 PM-4:15 PM
Application Security in a DevOps, Cloud and API World
Chair
Larry Whiteside
Co-Founder & President
Cyversity
Panelists
Karl Mattson
CISO
Noname Security
Bill Merritt
Principal Architect, IT Security (Security & Privacy)
Gilead Sciences
Gary Hayslip
CISO
SoftBank Investment Advisers
Sujeet Bambawale
CISO
7-Eleven
Eric Staff
CTO/CISO
Community Medical Centers