CSA Summit 2015

Summit Proceedings

Document Download
CSA Summit 2015 “Enterprise Cloud Adoption and Security Lessons Learned” Download PDF
Keynote: “Cloud Without Borders: Paving the Way for Global Security and Privacy”
Presented by: Philippe Courtot, Chairman & CEO, Qualys
Download PDF
Late Breaking CyberSecurity Session
Presenting: Brigadier General (Ret.) Nadav Zafrir, Cyber and Intelligence Expert
Download PDF
Sponsored Keynote:
“Addressing the Cloud Security Challenge: A Practitioner’s Experience”

Presenting: Jim Routh, CISO Aetna, Inc. and Rajiv Gupta, CEO Skyhigh Networks
Download PDF

CCSK Training at RSA, Sunday, April 19, 2015

Sunday, April 19th, 9:00am – 5:00pm
PLI Center, 685 Market Street, San Francisco, CA 94103

Get your Certificate of Cloud Security Knowledge in San Francisco!
Taught by CCSK master training partner, HP Education Services

Register for CCSK Training

Taught by Master Training Partner HP

CSA Legal Information Center Seminar:

Hot Legal Issues in the Cloud:

Security and Privacy: An Ounce of Preparation Is Better than a Pound of Damage Control

Monday, April 20th, 1:15pm – 5:15pm
PLI Conference Center, 685 Market Street, San Francisco, CA 94103

This Program is Eligible for 3.0 hours of CLE general credit. The program is provided by the IT Law Group, an approved Multiple Activity Provider (#15599). It is eligible for 3 hours of MCLE general credit (no ethics, no elimination of bias, no substance abuse). If you attend this program and sign the Official Record of Attendance for California MCLE, your Certificate of Attendance will be available upon request. For CLE information, please email: [email protected]

For more information and to register:

CLIC Security Privacy 2015 Registration

Registration closes Thursday 4/16

CSA Working Group Meetings

Tuesday, April 21st, 9:00am – 5:00pm
PLI Center, 685 Market Street, San Francisco, CA 94103

Free event, open to all CSA members and other security professionals.

We encourage you to stop in for a session or two or stay the whole day. This is a great chance to meet the working group chairs, hear initiative updates and dialog directly with the working group leaders and volunteers.

9:00 Cloud Data Governance Working Group
10:15 IoT Working Group
11:30 CSA Cyber Incident Sharing Center Initiative: Overview & Pilot Discussion (Lunch provided by CSA)
1:15 Big Data Working Group
3:45 CCM/CAIQ/Cloud Brokerage/Enterprise Architecture

Session details and registration: https://www.eventbank.com/event/228/home.html

Wednesday, April 22nd, 8:30am – 5:00pm
EMC Offices: 250 Montgomery Street (4th Floor), Russian Hill Conference Room

9:00 Mobile Application Security Testing Kick-off Meeting
10:00 Open Certification Framework
11:30 Quantum-Safe Security Working Group
12:30 Subject Matter Expert Council
2:00 International Standardization Council
4:00 Virtualization Working Group

Session details and registration: https://www.eventbank.com/event/233/

CSA Booth 2621 (South Hall)

No matter what your role in our industry is, CSA has something for you. Come to our booth to learn, be entertained and win prizes.

  • Learn how CSA STAR is setting the bar for cloud provider assurance and certification
  • 12:00 – 1:00 Daily: Watch the SDP Hackathon live and talk to the project experts
  • Discover how to obtain the CCSK and take your career to the next level
  • Find out how you and your organization can become more involved with CSA

CSA will be giving away:

  • A GoPro Hero each day
  • 1 class voucher for Certificate of Cloud Security Knowledge (CCSK) Plus
  • Beats Headphones ~ Sponsored by Palerra
  • Samsung Tablet ~ Sponsored by Vormetric
  • Parrot AR.Drone 2.0 Flying Drone ~ Sponsored by Skyhigh Networks
  • iPhone Speaker ~ Sponsored by Ping Identity

SDP Hackathon

Hackathon #3: Stopping Password-Based Cyber Attacks

Credential theft (stealing a user's username and password) has been a common component of every major cyber attack. SDP Hackathon #3 will focus on validating the device authentication capabilities of Software Defined Perimeter (SDP) to stop password-based cyber attacks.

For this challenge, Hackathon participants will be provided the name and password to an account held by Bob Flores (former CTO of the CIA, current Partner Cognitio) that has instructions to claim a $10,000 award. Hackathon participants must bypass SDP’s device authentication capabilities to gain access to the server with Bob’s account. The name and password will be announced at the conclusion of the CSA Summit on Monday, April 20, 12:00pm PDT.

The first Hackathon participant to gain access to Bob’s account gets $10,000.

Full contest rules and registration will be available Monday, April 20th 12:00pm PDT at: http://www.hacksdp.com/.

Speakers

Sol Cates

Sol Cates
CSO, Vormetric

Sol Cates (@solcates) is the Chief Security Officer at Vormetric. As CSO, he is tasked with ensuring Vormetric's internal security profile remains robust, while maintaining a strong pulse on the technical and business decision-making process in today's IT/IS organizations. Cates partners with teams throughout the company and the industry to engage with both customers and partners. He is sought after to speak publicly to elevate industry understanding of data security best practices in today's complex cyber threat landscape.

Jay Chaudhry

Jay Chaudhry
Chief Executive Officer and Founder, Zscaler

A serial entrepreneur with more than 25 years of security industry expertise, Chaudhry founded Zscaler in 2008. He previously founded and orchestrated successful exits for several companies, including AirDefense, a wireless security pioneer; CipherTrust, the first email security gateway; and CoreHarbor, a managed ecommerce solution. In 1996, Chaudhry founded his first company, SecureIT, the first pure-play Internet security service. He previously held engineering, sales and marketing positions with IBM, NCR and Unisys. Chaudhry earned his MBA and his MS in Computer Engineering and Industrial Engineering from the University of Cincinnati and his B.Tech in Electronics Engineering from IIT BHU Varanasi.

Jerry Cochran

Jerry Cochran
Principal Security Engineering Manager, Microsoft

Jerry Cochran is a Principal Security Engineering Manager responsible for the Microsoft Office 365 Security Analysis & Response team. Jerry has spent the past 16+ years in industry and with the U.S. Air Force in various information security roles. At Microsoft, Jerry was previously a security architect with Microsoft Services and with the Trustworthy Computing Group, where he led the Global Security Strategy Team. Jerry recently retired from a 27-year USAF Reserve career as a Chief Master Sergeant (E9); he was a network warfare technical lead and an early contributor to military network warfare doctrine and mission capabilities, helping to establish the first network warfare squadron in the USAF. Jerry also served as the Microsoft board member and officer with the Information Technology-Information Sharing and Analysis Center (IT-ISAC) and was a founding member and executive committee member of the IT Sector Coordinating Council (IT-SCC).

Philippe Courtot

Philippe Courtot
Chairman & CEO, Qualys

Demonstrating a unique mix of technical vision, marketing and business acumen, Philippe Courtot has consistently built innovative companies into industry leaders. As CEO of Qualys, Philippe has worked with thousands of companies to improve their IT security and compliance postures. He is a member of the board of directors for StopBadware.org, and in 2012, he launched the Trustworthy Internet Movement, a nonprofit, vendor-neutral organization committed to resolving the problems of Internet security, privacy and reliability.

Before joining Qualys, Philippe was the Chairman and CEO of Signio, an electronic payment start-up that was acquired by VeriSign for more than a billion dollars in February 2000. Prior to Signio, Philippe was President and CEO of Verity, where he re-engineered the company to become the leader in enterprise knowledge retrieval solutions. He also turned cc:Mail into the leader in enterprise email. French and Basque born, he holds a master's degree in physics from the University of Paris, and came to the U.S. in 1981, where he has lived in Silicon Valley since 1987.

John DiMaria

John DiMaria
ISO Product Manager, BSI

John DiMaria is the ISO Product Manager for BSI Group Americas. He is a management system professional, Six Sigma Black Belt, certified HISP and AMBCI with 30 years of successful experience in management system development. John is responsible for oversight, product management, and education. He is the product-expertise spokesperson for BSI Group Americas regarding all product standards covering risk, quality and regulatory compliance, and the co-chair of the CSA OCF STAR and CTP Working Groups.

John has been a keynote speaker internationally and featured in many publications concerning various topics regarding information security and business continuity.

Eran Feigenbaum

Eran Feigenbaum
Director of Security, Google for Work, Google

As the Director of Security for Google for Work, Eran Feigenbaum defines and implements security strategy for Google’s suite of messaging and collaboration solutions. Prior to joining Google in 2007, he was the U.S. Chief Information Security Officer for PricewaterhouseCoopers (PwC). Before that, Feigenbaum spent several years designing and implementing high-performance cryptosystems for electronic commerce solutions for Fortune 1000 clients and government agencies. He holds a bachelor’s degree in Electrical and Computer Engineering from the University of California at Irvine, and an MBA from Pepperdine University. In his spare time, he enjoys performing magic and mentalism and was featured on the NBC television show Phenomenon.

Marc Goodman

Marc Goodman
Author of Future Crimes, Global Security Advisor; Chair for Policy, Law and Ethics, Singularity University

Marc Goodman is a global strategist, author and consultant focused on the disruptive impact of advancing technologies on security, business and international affairs. Over the past twenty years, he has built his expertise in next generation security threats such as cyber crime, cyber terrorism and information warfare working with organizations such as Interpol, the United Nations, NATO, the Los Angeles Police Department and the U.S. Government.

In recognition of his professional experience, Marc was asked by the Secretary General of the United Nations International Telecommunications Union (ITU) to join his High Level Experts Group on Global Cybersecurity. Marc has authored more than one dozen journal articles and ten book chapters on a variety of emerging security threats, including cybercrime, bio-security and critical infrastructure protection. Marc has been featured in the press by CNN, ABC, NBC, BBC, Fox News and PBS, among others.

Rajiv Gupta

Rajiv Gupta
Co-Founder and CEO Skyhigh Networks

Rajiv Gupta is a Co-Founder and CEO of Skyhigh Networks. He has more than 20 years of successful enterprise software and security experience, and is widely recognized as a pioneer of Web Services. Prior to founding Skyhigh, Rajiv was the VP/GM of the Policy Management Business Unit within Cisco. Prior to Cisco, Rajiv was the Founder and CEO of Securent Inc, acquired by Cisco. Prior to Securent, he was a Co-Founder and CEO of Confluent Software, acquired by Oblix/Oracle. Before founding Confluent, Rajiv spent 11 years at Hewlett-Packard. With more than 45 patents to his name, Rajiv is the inventor or co-inventor of some of the seminal concepts that underpin Web Services.

Patrick Harding

Patrick Harding
Chief Technical Officer, Ping Identity

Patrick Harding is the CTO of Ping Identity, responsible for Ping Identity Labs, emerging technologies, architecture and standards, and developing Ping's technology strategy. Previously, Harding was a VP and the Security Architect at Fidelity Investments. Mr. Harding has a Bachelor of Science Degree in Computer Science from the University of New South Wales in Sydney, Australia.

Patrick Heim

Patrick Heim
Head of Trust & Security, Dropbox

Patrick has been the Head of Trust & Security at Dropbox since January 2015. In this role he is accountable for ensuring security and compliance for both the company and the Dropbox service. Prior to Dropbox, he was the Chief Trust Officer at Salesforce.com. Patrick has held CISO positions at Kaiser Permanente and McKesson. His career also spans two security technology startup companies and time leading security consulting, penetration testing and auditing teams at Ernst & Young.

Patrick is also currently on the board of directors at Cylance and advises several security startup companies.

Rehan Jalil

Rehan Jalil
CEO Elastica

Rehan Jalil, President and CEO of Elastica, is a serial entrepreneur, limited partner in technology venture funds and advisor to a few startups. Previously, he built WiChorus from scratch and developed an industry-leading mobile platform that successfully outcompeted large incumbents and was deployed in global mobile networks. WiChorus was acquired for $180 million within 4 years. He holds an AMP from Harvard Business School, an MS from Purdue and a BS from NED. He has over 25 patents pending and was named an Ernst and Young Entrepreneur of the Year Finalist for 2010.

Brian Kelly

Brian Kelly
Chief Security Officer, Rackspace

As the Chief Security Officer of Rackspace, Brian Kelly is responsible for the safety and security of Rackers and Rackspace facilities, infrastructure, and data. Brian joined Rackspace in October 2014 after three decades of leadership in security, special operations, and intelligence with the U.S. Government, the Department of Defense, and the private sector. He led the Giuliani Advanced Security Center in New York and served as executive director of IT risk transformation for Ernst and Young.

Brian graduated from the U.S. Air Force Academy, where he earned a degree in management. He later earned an MBA from Rensselaer Polytechnic Institute and an MS from the Air Force Institute of Technology.

In the Air Force, Brian rose to the rank of lieutenant colonel. He led teams involved in satellite surveillance, cyber security, cyber warfare, and management of highly sensitive operations around the globe. He advised the Joint Chiefs of Staff and the Secretary of Defense and received a Department of Defense meritorious service medal.

After leaving the Air Force, Brian led business operations for Trident Data Systems, providing industry-leading security research and technology to both the public and private sectors. He later served as a partner (select) at Deloitte and Touche, president of Newbrook Technologies, and CEO of iDefense, the first cyber threat intelligence provider for the private sector. In each role, he honed his skills in executive leadership, personnel, data and facility security, incident response, and forensic evidence collection. He has worked closely with senior executives for leading companies in global financial services, technology, health care, and manufacturing.

A frequent speaker at industry conferences on security, Brian is the author of From Stone to Silicon: a Revolution in Information Technology and Implications for Military Command and Control.

Krishna Narayanaswamy

Krishna Narayanaswamy
Chief Scientist, Netskope

Krishna has 24 years of experience in the areas of security and data networking, and is an expert in deep packet inspection and behavioral anomaly detection technologies. Prior to Netskope, Krishna was a Distinguished Engineer in the security business unit at Juniper Networks. Prior to that, he was a co-founder and system architect at Top Layer Networks where he was instrumental in delivering multiple security products to the market. He has also held senior engineering roles at Fore Systems and Digital Equipment Corporation, and has been awarded over 20 patents covering a broad set of technologies. Krishna is a frequent contributor on Cloud Security Alliance’s (CSA) blog and has spoken at various events such as RSA conference, CSA Summit, Infosec World, CSA Congress, SynerComm, CloudSlam, etc.

Jim Reavis

Jim Reavis
CEO, Cloud Security Alliance

For many years, Jim Reavis has worked in the information security industry as an entrepreneur, writer, speaker, technologist and business strategist. Jim's innovative thinking about emerging security trends has been published and presented widely throughout the industry and has influenced many. Jim is helping shape the future of information security and related technology industries as co-founder, CEO and driving force of the Cloud Security Alliance.

Jim Routh

Jim Routh
CISO Aetna, Inc.

Jim Routh is the CISO at Aetna, where he leads the global information security function. Routh formerly served as the global head of application and mobile security for JP Morgan Chase. Before that, he was the CISO for KPMG, DTCC and American Express. Routh has more than 20 years of information technology and information security experience as a practitioner, management consultant, and leader of technology functions and information security functions for global financial service firms. Routh is the winner of the 2009 BITS Leadership Award and the 2007 Information Security Executive of the Year for the Northeast, and is a widely recognized expert in software security program implementation. Routh served as the chairman of the FS-ISAC products and services committee and is a former board member. He is currently a board member of the National Health-ISAC.

Chenxi Wang

Chenxi Wang
VP of Cloud Security & Strategy, CipherCloud

Dr. Wang is VP of Cloud Security & Strategy at CipherCloud. She joins CipherCloud from Intel Security, where she was VP of Strategy, responsible for a ubiquity strategy that spans both hardware and software platforms. Prior to Intel, Chenxi was a highly respected industry analyst, with the role of Vice President and Principal Analyst at Forrester Research, covering mobile, cloud, and enterprise security. Prior to Forrester, Chenxi was an Associate Professor of Computer Engineering at Carnegie Mellon University. Chenxi is a sought-after public speaker and a trusted advisor for IT executives. She has been quoted or featured by The New York Times, The Wall Street Journal, Forbes.com, Fox Business News, Bloomberg, Dark Reading, and many trade media outlets. She has keynoted the SANS conference, RSA Asia, OWASP, and other research conferences. Chenxi holds a Ph.D. in Computer Science from the University of Virginia. Her Ph.D. thesis received an ACM Samuel Alexander award for excellence in research.

Chad Woolf

Chad Woolf
Global Risk and Compliance Leader for Amazon Web Services

Chad leads the global compliance program at Amazon Web Services. His efforts focus on enabling enterprise and government adoption of cloud computing by supporting integration of the AWS environment into customers’ risk and control frameworks. The scope of Chad’s program includes governance, risk, compliance, and privacy programs.

Nadav Zafrir

Nadav Zafrir
Brigadier General (Res.) Nadav Zafrir, Cyber and Intelligence Expert

Former Commander of the IDF's Technology & Intelligence Unit (8200), and Founder of the IDF Cyber Command. Nadav brings over a decade of extensive experience in cyber leadership. Nadav holds an LLB from the Interdisciplinary Center and an MBA from the International Executive MBA program of Northwestern University and Tel-Aviv University.

Registration

CSA Summit Registration has reached capacity, please register on the wait list if you wish to attend.

All CSA Summit attendees must be registered as either an RSA conference delegate, RSA Expo, or Exhibitor pass. During the RSA registration process, you will have an option to indicate your interest in attending the CSA Summit.

To receive a free Explorer Expo Pass, please use code: X5ECLOUDSC

To receive $100 off full conference registration, please use code: 1U5CSAFCD

Register for RSA

CSA Summit 2015: Enterprise Cloud Adoption and Security Lessons Learned

Monday, April 20th 9:00am to 12:00pm
Moscone Center West Room 2014

Cloud computing is now a mission critical part of the enterprise. Join us for CSA Summit 2015 to discover lessons learned from enterprise experts in securing their clouds and achieving compliance objectives. A global list of industry experts will share their experiences and discuss the key security challenges of tomorrow. Get the big picture view of the future of IT and our mandate to revolutionize security at CSA’s traditional Monday kickoff to the conference.

8:00 AM – 9:00 AM
Doors Open/Informative Cloud Security YouTube Videos Sponsored by Netskope

9:00 AM – 9:30 AM

Keynote: "Cloud Without Borders: Paving the Way for Global Security and Privacy"

Presenting: Philippe Courtot, Chairman & CEO, Qualys

The cloud's growing prevalence is drastically changing the way we do business and conduct our daily lives. As the digital exchange of business and personal information increases, data security and privacy have become an acute problem that we must address. In light of the recent avalanche of data breaches, the increased sophistication of malware and disclosures such as the National Security Agency's PRISM program, cloud security and privacy worries have never been higher. This keynote explores these changes and proposes new approaches in cloud implementations to specifically address data sovereignty, while emphasizing the importance of cloud standards within common frameworks for ensuring data security and privacy across borders.

9:30 AM – 9:45 AM
Speed Talk: "Future Crimes: Why Cyber Was Only the Beginning"

Presenting: Marc Goodman, Author of Future Crimes, Global Security Advisor; Chair for Policy, Law and Ethics, Singularity University

Everything is Connected; Everyone is Vulnerable, and What We Can Do About It

The future has already arrived—it’s just unevenly distributed. Though our security threats today seem daunting, we are at the earliest stages of our technological development. While much has been made of our growing levels of cyber risk, it is but the first stage in an onslaught of technological development that will leave our heads spinning. Big data, artificial intelligence, synthetic biology, the Internet of Things, virtual reality, and robotics will have profound impacts on our world—and they are all hackable. How then can we build this brave new world safely and securely? In this session, we discuss the challenges before us and consider how we might "survive progress" and thrive in our exponentially changing world.

9:45 AM – 10:40 AM
Panel: "Top 5 Security Challenges Facing the Cloud Adopting Enterprise"

Moderator: Jim Reavis, CEO, Cloud Security Alliance

Panelists:
Sol Cates, CSO, Vormetric
Jay Chaudhry, Chief Executive Officer and Founder, Zscaler
John DiMaria, ISO Product Manager, British Standards Institution
Rehan Jalil, President and CEO, Elastica
Krishna Narayanaswamy, Chief Scientist, Netskope
Chenxi Wang, VP of Cloud Security & Strategy, CipherCloud

Abstract: In this panel, top experts from Cloud Security Alliance member companies will weigh in on the top security challenges enterprises are facing and will provide prescriptive guidance. Cloud adoption is growing tremendously within all organizations, whether from top-down initiatives or business unit procurement. IT is trying to gain awareness of its rapidly growing cloud deployments, while at the same time being challenged by the business to accelerate cloud usage. Threat actors are gaining in sophistication, and attacks are becoming more complex. Information security departments must keep pace, while devising new strategies and architectures to protect the enterprise. Hear from the experts that are working with thousands of enterprises to address these critical issues:

  • Data Security
  • Navigating Global Trust Issues
  • Shadow IT
  • Advanced Attacks & Cyber Conflicts
  • Provider Visibility & Translating Enterprise Requirements into the Cloud

10:40 AM – 10:50 AM
Late Breaking Session

Presenting: Brigadier General (Res.) Nadav Zafrir, Cyber and Intelligence Expert
Former Commander of Israel Defense Forces (IDF) Technology & Intelligence Unit (8200), Founder of the IDF Cyber Command.

10:50 AM – 11:20 AM
Sponsored Keynote: "Addressing the Cloud Security Challenge: A Practitioner’s Experience"

Presenting: Jim Routh, CISO Aetna, Inc. and Rajiv Gupta, CEO Skyhigh Networks

Security concerns stubbornly remain the top reason why corporations resist using public cloud services. But given the very real and measurable benefits of the cloud — improvements in agility, flexibility, employee productivity, and cost — and the fact that our employees are using public cloud services despite these concerns, corporations are desperately seeking to address the security challenge in order to safely adopt public cloud services.

Learn how Jim Routh, CISO at Aetna, tackled cloud security. Specifically, hear how he gained visibility into the size, scope, and risk of shadow IT, used that knowledge to proactively meet employees' needs for new cloud services, and protected corporate data in public cloud services.

11:20 AM – 12:00 PM
Closing Keynote Panel: "Enterprise Lessons: The Cloud Provider Perspective"

Moderator: Patrick Harding, Chief Security Officer, Ping Identity

Panelists:
Jerry Cochran, Principal Security Engineering Manager, Microsoft Office 365
Eran Feigenbaum, Director of Security, Google for Work, Google
Patrick Heim, Head of Trust & Security, Dropbox
Brian Kelly, Chief Security Officer, Rackspace
Chad Woolf, Global Risk and Compliance Leader for Amazon Web Services

Enterprises have unique security & compliance challenges that cloud providers must accommodate. Enterprises also may be trying to leverage security practices in the cloud that are no longer optimal. Our panelists have war stories about how enterprise challenges became successes in the cloud, and can provide anecdotes of the critical success factors.

What do enterprises need to be thinking about in the future (strategy, architecture, governance) to optimize their cloud adoption while protecting their enterprise? Listen to the best and the brightest among cloud providers to learn from their experiences partnering with customers to deliver secure enterprise cloud computing.

Summit Sponsors

Platinum Sponsors

  • Qualys
  • Skyhigh Networks

Gold Sponsors

  • Elastica
  • Netskope
  • CipherCloud

Silver Sponsors

  • British Standards Institution
  • Vormetric
  • ZScaler

Bronze Sponsors

  • Bitglass
  • CA Technologies
  • CloudLock
  • Code42
  • Evident.io
  • Intralinks
  • Palerra
  • Ping
  • NokNok
  • Okta
  • VeraCode
  • WhiteHatSecurity

CSA Summit Supporters