Application Security in a DevOps, Cloud and API World

CISO Council

September 16, 2021


Karl Mattson Noname Security
Karl Mattson


Noname Security

CISO Council Speaker

As a future-oriented information security executive my key strength is coaching and educating cybersecurity companies on listening to and interpreting the pain-points and priorities of enterprise customers. These insights help drive effective product strategies, go-to-market strategies and ongoing customer success. Over the years, I’ve had the privilege of advising several cyber entrepreneurs who are now thriving. On the heels of their success, I was looking for a new challenge. In 2020, I had the opportunity to meet with the Noname Security team early in its platform design. Recognizing that they were on the verge of solving several challenges in securing APIs, I wanted to be a part of their exciting adventure. I joined Noname as Chief Information Security Officer, where I’m currently establishing a rigorous standard for operational and security excellence, in addition to advocating for ongoing platform changes based on our customers’ needs. ABOUT NONAME SECURITY: Noname Security ensures secure APIs at the speed of business with the most powerful, complete and easy-to-use API security platform. How do I know it works? I was their first customer! I believe in the platform and want to share it with the world. According to Gartner, APIs will be the #1 attack vector by 2022. Gateways and WAFs don’t protect against API breaches or find misconfigurations. API testing and bug bounty programs have significant gaps, leaving businesses exposed. Noname resolves API vulnerabilities across 4 key pillars, or as we call it, DART: ➤ Discover ➤ Analyze ➤ Remediate ➤ Test We’ll find and take inventory of all existing APIs, use AI-based detection to illuminate risks, block attacks in real time and run tests to ensure API integrity before production. WHAT YOU CAN EXPECT: ➤ Solid engineering underpinning a product that’s ahead of the competition ➤ Flexible deployment model with many integrations that adapt to your business ➤ Coverage of the 3 main areas needed to protect APIs: posture management, detection and response and code security What are you doing to protect your company’s digital content? Keep your company’s APIs out of the news with Noname Security. LEARN MORE: See what our customers are saying about us and find more information on our website:

Esmond Kane Steward Health Care System
Esmond Kane


Steward Health Care System

CISO Council Speaker

Esmond Kane currently serves as Chief Information Security Officer (CISO) at Steward Health Care, a 35 hospital, multi-state healthcare organization that provides world class care to millions of patients annually. In his role at Steward, Esmond’s focus has been on transforming Steward’s approach to information security, threat, and risk management to comply with industry frameworks, regulations and best practices. Esmond has over 20 years’ experience leading IT and Security programs in multiple industries. Before joining Steward he served as Deputy CISO at Partners Healthcare in Boston, working with executives and advisors on cyber security and business practice

Todd Gordon EisnerAmper
Todd Gordon



CISO Council Speaker

EisnerAmper clients are based in the U.S., or comprised of U.S. business interests of foreign entities. To serve domestically-based clients with interests in financial services opportunities overseas, Eisner Amper offers the resources of offices in the UK, Israel, India and  EisnerAmper Global, with offices in the Cayman Islands, Singapore, and Ireland; as well as the services of Allinial Global. Todd, leads the information security team and is an experienced, detail-oriented, and innovative professional with proven performance in information security, enterprise-level systems administration, and project management.

Larry Whiteside Cyversity
Larry Whiteside

Co-Founder & President


CISO Council Speaker

Larry Whiteside Jr. is a veteran CISO, former USAF Officer, and thought leader in the Cybersecurity field. He has 25+ years’ experience in building and running cybersecurity programs, holding C Level Security executive roles in multiple industries including DoD, Federal Government, Financial Services, Healthcare, and Critical Infrastructure.

Larry currently serves as the Chief Technology Officer and Chief Security Officer at CyberClan, a full service Global Incident Response and Managed Security Services Provider for the small to medium sized business.

Larry is also the Co-Founder, President, and on the Board of Directors at the International Consortium of Minority Cybersecurity Professionals (ICMCP), a 501(c)3 non-profit association that is dedicated to increase the number of minorities and women in the cybersecurity career field through providing workforce development that includes skills assessment, training, education, mentorship, and opportunity.

Since 2009, via Whiteside Security, which he founded, Larry has advised several corporate security executives and companies across the cybersecurity industry on how to make Cyber Security a number one objective to their business. He has helped CEOs and board members of private cybersecurity companies achieve their goals in sales, marketing, and customer retention.

Larry has spoken in front of C Level leadership and Board of Directors of some of the largest private and public sector organizations in America. A thought leader in the industry with extensive experience presenting at conferences such as the Gartner Security Summit, RSA Conference, and SC World Congress, Larry has been featured in many articles relating to information security and risk management.

Larry received his Bachelor of Science degree in computer science at Huston-Tillotson University.

Ken Foster Fiserv
Ken Foster

Head of Global Cyber Risk Governance


CISO Council Speaker

Accomplished CISO with proven track record of implementing Cyber Security programs and strategy, a US Navy Veteran with expertise in Information Risk, Governance, and IT enterprise operations and enterprise architecture in the public and private sectors. Transformational leader that excels at developing and implementing strategic, technical, and operational security/infrastructure architectures that are aligned with business goals and objectives using a risk based methodology. Established history of innovation, utilizing technology and processes effectively to minimize operational risk, cost, and increase operational efficiency to meet business goals by building a strategy that becomes a business differentiator

Igor Volovich Cyber Strategy Partners
Igor Volovich

Security Strategist

Cyber Strategy Partners

CISO Council Speaker

Igor Volovich is the founder and chief strategist at Cyber Strategy Partners, a Washington, DC‐area cybersecurity leadership and strategy advisory practice focusing on enterprise risk management, cyber defense, governance, and compliance, and national critical infrastructure protection, serving large-scale multinationals, public sector agencies, and emerging segments such as Smart Cities, Internet‐of‐Things (IoT), Industrial-Internet-of-Things (IIoT), and Smart Grid.

Mr. Volovich has recently served as Senior Advisor, Enterprise Security Architecture and Strategy, Office of the CISO at the United States Postal Service, advising senior executive leadership on cyber risk management strategies, program development, capability maturity improvements, and governance and compliance for the Postal enterprise including IT and OT environments, creating and guiding transformative initiatives across the cybersecurity program.

Previously, Mr. Volovich served as the Chief Strategy Officer at Romad Cyber, an emerging-stage endpoint security startup, where he led product and market strategy efforts leading to two consecutive Security Shark Tank® wins for innovation and product strategy, and development of $30M in net-new enterprise business.

Mr. Volovich served as the Chief Information Security Officer (CISO) and Vice President of Global Information Security at Schneider Electric, a $32‐billion 185,000‐staff industrial automation and energy management multinational, leading the firm’s information security functions in the Americas region. Prior to joining Schneider through a merger, Mr. Volovich served as the Chief Information Security Officer (CISO) and Vice President of Information Security and Cyber Risk Management of Invensys plc, a global $5B market leader in the fields of industrial process control, automation, and safety systems (ICS/DCS/SCADA).

Before entering private practice, Mr. Volovich served as a senior member of the Corporate Incident Response and Intrusion Detection Team at Microsoft’s Trustworthy Computing (TwC) organization, where he was responsible for the architecture and management of security controls deployed in protection of Microsoft’s global information assets, as well as internal investigations and incident response functions.


Additionally, Igor has volunteered as a STARS Mentor at MACH37 (, the nation’s first cyber-focused startup accelerator operated in partnership with Virginia’s Center for Innovative Technology ( and CIT GAP Funds, advising founders and leaders of emerging cyber technology firms on product development, market positioning, and business strategy.


Mr. Volovich has worked with and advised some of the world’s leading firms including United States Postal Service, Schneider Electric, Invensys, Microsoft, MSN, IBM, Altria/Philip Morris, Standard & Poors, AT&T Wireless, Freddie Mac, FINRA, Estée Lauder, US Department of Defense, US Department of Labor, British Telecom, Pep Boys, Toyota Financial, Aviva, Asurion, as well as tech startups such as Romad Cyber, TeraBeam Networks, eCharge, and LivingSocial.


Mr. Volovich holds the CISSP designation from ISC², Certified in Risk Controls (CRISC), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) designations from the Information systems Audit and Control Association (ISACA), and the Certified Information Privacy Professional (CIPP) certification from the International Association of Privacy Professionals (IAPP).


Mr. Volovich is a member of ISC², ISACA, InfraGard, NIST Cloud Forensics Working Group, US DHS ICS‐CERT, Alliance for Gray Market and Counterfeit Abatement (AGMA Global), and the Airborne Law Enforcement Association (ALEA). In addition to his professional work, Mr. Volovich volunteered as a Flight Officer with Virginia Airborne Search and Rescue Squad, serving the Northern Virginia and DC area communities, attaining the rank of Lieutenant, and serving as Chair of the Membership Committee and a Fundraising Committee member.

September 16, 2021
Navigating 3rd Party Risk
Filling the Talent Void
The Greatest Fears?
Technology Supply Chain
Being Effective…. Securely
AI and ML: Using Emerging Technologies to Reinforce Security Defense Efforts
Patch Management and Endpoint Protection
Data Security: Cloud Computing, Mobility and Regulations

Attend this event

Not available on September 16, 2021?

View other dates for the CISO Council


All times Eastern Standard Time (EST)

3:00 PM-4:15 PM

Application Security in a DevOps, Cloud and API World

Security teams are challenged to modernize application security practices in light of accelerating shifts to DevOps delivery models and rapid adoption of cloud-native application designs. Applications built on microservices (e.g. serverless, containers, APIs) and delivered continuously are outpacing application security teams ability to secure them. CISOs need to consider new skills, new touch points and new platforms to maintain a strong security posture in light of these trends and the speed at which they are re-shaping IT.

In Partnership With