Application Security in a DevOps, Cloud and API World

CISO Dinner

September 15, 2022 - Seattle, WA

Visionaries

Dan Manley

Managing Director - CISO

CME Group

Dinner

Managing Director and CISO with 30 years of professional experience related to cyber security, technology, risk management, audit and control with leadership roles at CME Group, Allstate and KPMG. Broad technology background, with specialization in Cyber Security, Information Technology, Business Resiliency (continuity, availability and recovery), Global Risk and Compliance, and Large-scale program delivery.

Tom Mustac

Senior Director/Head Cloud & Biomed Systems

Mount Sinai Health System

Dinner

Dr Mustac is responsible for the cybersecurity of connected devices across The Mount Sinai Health System's internationally acclaimed facilities including the Icahn School of Medicine at Mount Sinai, eight hospital campuses, and more than 400 ambulatory practices with revenues exceeding $8B. Active management and remediation of known vulnerabilities across all platforms and technologies and incident response activities. Collaborate with device manufacturers, leading medical institutions, and government agencies to promote the adoption of standards, industry best practices, and building consensus to promote patient safety across all audiences. Education of stakeholders regarding the cyber risks of connected medical devices, IoT devices, and the mitigation of risk and best practices to protect the infrastructure of their facilities.

Shamla Naidoo

Head of Cloud Strategy & Innovation

Netskope

Dinner

Shamla Naidoo, Head of Cloud Strategy & Innovation at Netskope, has led global cybersecurity programs for IBM, Starwood/Marriott, Anthem/Wellpoint, Northern Trust and others, and serves as an independent board director for multiple global companies. She regularly consults for Federal, State, defense, and intelligence organizations domestically and overseas. She helps mature the cybersecurity profession through leadership roles in organizations like Security50, the Shared Security Assessments Group, Institute for Applied Network Security (IANS), HMG Strategy Group, and the Round Table Network. As the former Committee Chair on Legal Technology for the Illinois State Bar Association, she frequently speaks at legal forums for the ABA, ISBA, and others. By creating and teaching ABA-accredited courses on law, technology, and global privacy for the UIC School of Law, she educates the next generation of lawyers and adjudicators in areas of critical importance.

Harald Upegui

Director of Information Security

HealthPoint (CHC)

Dinner

Experienced Security Officer with a demonstrated history of working in the hospital & health care industry. Skilled in Computer Repair, Software Documentation, Healthcare, Business Process Improvement, IT Operations, and Troubleshooting. Strong customer service, positive thinker, and problem solver professional with a Masters of Information Systems focused in Business and Technology Integration from University of Phoenix.

Karl Mattson

CISO

Noname Security

Dinner

As a future-oriented information security executive, my key strength is coaching and educating cybersecurity companies on listening to and interpreting the pain-points and priorities of enterprise customers. These insights help drive effective product strategies, go-to-market strategies and ongoing customer success. Over the years, I’ve had the privilege of advising several cyber entrepreneurs who are now thriving. On the heels of their success, I was looking for a new challenge. In 2020, I had the opportunity to meet with the Noname Security team early in its platform design. Recognizing that they were on the verge of solving several challenges in securing APIs, I wanted to be a part of their exciting adventure. I joined Noname as Chief Information Security Officer, where I’m currently establishing a rigorous standard for operational and security excellence, in addition to advocating for ongoing platform changes based on our customers’ needs.

ABOUT NONAME SECURITY: Noname Security ensures secure APIs at the speed of business with the most powerful, complete and easy-to-use API security platform. How do I know it works? I was their first customer! I believe in the platform and want to share it with the world. According to Gartner, APIs will be the #1 attack vector by 2022. Gateways and WAFs don’t protect against API breaches or find misconfigurations. API testing and bug bounty programs have significant gaps, leaving businesses exposed. Noname resolves API vulnerabilities across 4 key pillars, or as we call it, DART:

➤ Discover
➤ Analyze
➤ Remediate
➤ Test

We’ll find and take inventory of all existing APIs, use AI-based detection to illuminate risks, block attacks in real time and run tests to ensure API integrity before production.

WHAT YOU CAN EXPECT:

➤ Solid engineering underpinning a product that’s ahead of the competition
➤ Flexible deployment model with many integrations that adapt to your business
➤ Coverage of the 3 main areas needed to protect APIs: posture management, detection and response and code security

What are you doing to protect your company’s digital content? Keep your company’s APIs out of the news with Noname Security.

LEARN MORE: See what our customers are saying about us and find more information on our website: www.nonamesecurity.com

Mike Klepper

Practice Director - Application Security, Threat and Vulnerability Management

AT&T

Dinner

As the National Practice Director for Application Security, Threat & Vulnerability Management within AT&T Cybersecurity Consulting, Mr. Klepper has broad responsibilities. In addition to providing subject matter expert support to sales teams across all channels and verticals, Mr. Klepper is responsible for defining services offered regarding penetration and vulnerability testing, application security testing, managed scanning solutions, and incident response and forensics. A sought-after thought leader and public speaker, Mr. Klepper makes regular appearances on AT&T Threat Traq and mentors team members in both technical and non-technical disciplines such as sales techniques, strategic problem solving, and quality assurance. With over 26 years in Information Technology and Security, Mr. Klepper brings a wealth of knowledge and experience to the AT&T Cybersecurity Consulting team. He joined the organization with the acquisition of the VeriSign Global Security Consulting business where he filled the role of the Global Application Security Practice Lead. Since coming to AT&T, Mr. Klepper has applied his management and technical skills to a steadily increasing scope of disciplines and services, leading a multi-million dollar per year practice within AT&T Cybersecurity Consulting. Prior to AT&T, Mr. Klepper held positions with a number of Value Added Resale organizations before joining the Strategic Security Services team at Deloitte & Touche. Later, Mr. Klepper took a position with the security startup firm Guardent, Inc. which would eventually be acquired by VeriSign, and in turn AT&T. Through these positions of increasing responsibility, Mr. Klepper developed deep technical skills in data networking, application security, and penetration testing. As a former Payment Card Industry (PCI) Qualified Security Assessor (QSA), he continues to maintain a strong awareness of those compliance requirements. Throughout his career, Mr. Klepper has demonstrated the ability to identify and translate customer needs into proposed solutions and ultimately, completed projects. A Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), and Alien Vault Certified Security Engineer (AVSE), Mr. Klepper has had management responsibility of an organization as large as 18 people and has directly managed and executed upon multi-year, multi-million dollar projects for multiple Fortune 500 enterprises. Mr. Klepper holds a Bachelor of Science degree in Information Systems from the College of Business and Economics at the University of Idaho.

September 15, 2022

Agenda

All times Pacific Time

5:30 PM-9:00 PM

Application Security in a DevOps, Cloud and API World

Security teams are challenged to modernize application security practices in light of accelerating shifts to DevOps delivery models and rapid adoption of cloud-native application designs. Applications built on microservices (e.g. serverless, containers, APIs) and delivered continuously are outpacing application security teams' ability to secure them. CISOs need to consider new skills, new touch points and new platforms to maintain a strong security posture in light of these trends and the speed at which they are reshaping IT.
