Cloud 101CircleEventsBlog
Join top cybersecurity experts at the Raleigh, NC LevelBlue's cyber networking event June 20th!

Learn All About CSA STAR at CSA’s Annual Cybersecurity Conference

Learn All About CSA STAR at CSA’s Annual Cybersecurity Conference

Blog Article Published: 08/23/2023

Written by Megan Theimer, Content Program Specialist, CSA.

The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) program is the most complete and largest cloud assurance program in the world that constitutes an ecosystem of the best practices, standards, technology, and auditing and consulting partners. The foundation of CSA STAR, the Cloud Controls Matrix (CCM) is CSA’s framework of cloud-native control objectives and is used and mapped throughout the industry.

We will be exploring CSA STAR and CCM extensively at SECtember 2023, the essential cloud event to assist organizations in elevating their cybersecurity capabilities. Taking place September 18 - 22 in Bellevue, WA, SECtember 2023 is bringing together leading experts at the forefront of cloud security, providing deep insights into how organizations, industries. and nations are protecting their most vital assets and systems in the cloud. Six key sessions and a training course at the conference will focus on STAR and CCM. Read on to find out what each of these sessions has to offer.

Continuous Assurance with CCM

September 20, 2023, 1:30 PM - 1:55 PM

Discuss what continuous assurance is, why it’s so important, and what the pre-conditions, steps, and solutions are for achieving continuous assurance.


  • Daniele Catteddu, Chief Technology Officer, CSA
  • Valentin Mihai, Continuous Assurance Engineering, Google Cloud
  • Vikram Khare, Director - Continuous Assurance Engineering, Google Cloud

Mastering the Cosmos of Cloud Security: A Deep Dive into CSA STAR

September 20, 2023, 1:30 PM - 1:55 PM

Explore the intricate galaxy of CSA's STAR Program. Demystify the framework's critical components, unravel its multilayered structure, and decipher the journey from self-assessment to continuous auditing. Additionally, delve into real-world case studies, demonstrating how organizations leveraged STAR to illuminate their cloud security path.


  • John DiMaria, STAR Program Director, CSA
  • Troy Leach, Chief Strategy Officer, CSA

The Universal Language in Cloud - Align Cloud Controls Across Your Organization with the CCM

September 20, 2023, 2:00 PM - 2:25 PM

Discuss how you can use CCM to ensure your control environment contains the controls needed to meet compliance and regulatory requirements. Discuss techniques for performing control assurance and how to ensure appropriate control ownership in the context of the shared responsibility model.


  • David Nickles, Principal FSI Audit Specialist, Amazon Web Services
  • John McDonald, Managing Director & Chief Controls Officer - Cloud & Barclays Bank PLC Technology, Barclays

Aligning the Stars: The Cloud Security Maturity Model, CCM, and Guidance

September 21, 2023, 1:30 PM - 1:55 PM

Three years ago, Securosis and IANS released the first Cloud Security Maturity Model (CSMM) and partnered with CSA. They’ve learned an incredible amount since then and are excited to release v2.0. This major update was built in tight coordination with CSA and is designed to align with the (in-development) Security Guidance v5 and the latest additions to CCM.

Speaker: Rich Mogull, Senior Vice President, Cloud Security, FireMon

Cloud Exposure Management: Automating CCM Controls for Scalable Multi-Cloud Security

September 21, 2023, 1:30 PM - 1:55 PM

As organizations embrace complex multi-cloud environments, the demand for enhanced automation to enforce and scale critical controls has reached a pinnacle. Exposure Management offers a transformative approach that can not only harmonize CCM and other frameworks, but also embed them consistently within DevSecOps automated workflows. Get a prescriptive approach to automate your CCM controls and better quantify true cyber exposure.

Speaker: Patrick Ramseier, Senior Director of Global Specialist Security Engineering, Tenable

Panel Discussion: Exploring the Cloud Controls Matrix and its New Features

September 21, 2023, 1:30 PM - 1:55 PM

Learn about CCM from leading cybersecurity assurance subject matter experts. The panelists will explore the details of the governance, risk management, operation, technical implementation, and compliance benefits of the adoption of CCM, and how to put them into practice during an organization's cloud journey.

Speaker: Daniele Catteddu, Chief Technology Officer, CSA

STAR Lead Auditor Training

September 18 - 19, 2023, 8:00 AM - 5:00 PM

Led by an experienced instructor, this two-day course will help you learn how to effectively conduct 2nd or 3rd-party audits of a cloud service provider (CSP) against the CSA STAR Certification standard, which is a rigorous, third-party independent assessment of the security of a CSP. Learners will gain an understanding of what actions a CSP must take to achieve CSA STAR Certification, the benefits of STAR Certification, auditing principles and techniques, maturity modeling, and CCM control areas.

Trainer: John DiMaria, STAR Program Director, CSA

Expand your knowledge on STAR, CCM, cloud security controls, and cloud assurance by registering for SECtember 2023 today.

Share this content on your favorite social network today!