CSA Summit at RSA Europe 2012

CSA Innovation Conference

CSA Summit 2012 Presentation Material

Document Download
Solving Cloud Access Complexity Using a Broker Model
Girish Juneja – Director- Intel Application Security & Identity Products Group
Nebula: Securing OpenStack
Chris Kemp Founder and CEO, Nebula Inc., former CTO NASA
From Datacenter to Device: Security in the Enterprise 2012 and Beyond
Dr. Stephen Herrod, CTO and Senior VP of R&D, VMware
CSA Announcements
Jim Reavis, Executive Director - Cloud Security Alliance

CSA Booth Activities

While at RSA, swing by the CSA booth (343) and chat with CSA’s Research Director about upcoming initiatives such as our Asia Pacific expansion or our new cloud innovation and mobile computing projects. This is a prime opportunity to discuss one on one how you or your organization can uniquely benefit from becoming involved with CSA.

While you are there, enter to win several prizes:

$100 Gift Card
Sponsored by Solutionary

nCircle Security Chopper
Sponsored by nCircle (FIVE chances to win!)

Rover App-Controlled Spy Tank with Night Vision
Sponsored by Veracode

Sponsored by Qualys

Asus - Transformer Prime TF201 Tablet (TWO chances to win!)
Sponsored by Cloud Security Alliance

CSA booth visitors are also eligible to receive $50 off CCSK examination. Be sure to ask for your discount while at the booth!

CSA's booth #343 is located to the left of the entrance doors and one row over from Agiliance and Modulo.

Summit Agenda

The CSA Summit at RSA Conference 2012 is located in Moscone Center South, Gateway Room 102/103 across from the expo hall.

8:00 AM – 9:00 AM
Doors Open/Informative Cloud Security Youtube Videos/CSA Announcements

9:00 AM – 9:30AM
"Protecting State Secrets in the Cloud"

Presenting: Mike McConnell, Vice Chairman, Booz Allen Hamilton and former Director of National Intelligence & former Director, National Security Agency

9:30 AM – 10:20AM
Panel: “National and International Security Standards - The Viability of Cross-Jurisdictional Solutions”

Moderator: Tim Mather, Advisory Director, KPMG
Speaking: Marc S. Crandall, JD, CIPP, Senior Manager of Global Compliance Enterprise, Google
Baber Amin – Senior Director of Product Management, CA Technologies
Chris Wysopal, CTO, Veracode
Ashvin Kamaraju, VP Product Development, Vormetric

Today’s security standards are based on historical, legacy information technologies and don’t necessarily address cloud computing environments in an effective manner. Attempts to update them are an improvement, but will we be able to create a single (or limited) number of standards that will be viable across borders and jurisdictions? This panel discussion will cover the current standards, their applicability and a look into the future of cloud computing standards.

10:20 AM – 10:50 AM
Keynote: “Solving Cloud Access Complexity Through a Broker Model”

Speakers: Girish Juneja, Director of Intel Application Security and Identity Products, Intel
Ron Huddleston Senior, Vice President, ISV Alliances, salesforce.com

Download the Presentation

The recommended cloud security stack, standards, and operating frameworks have rapidly evolved into a set of production quality best practices for the Enterprise to use to engage each cloud provider. However, as scale is applied, managing 1-n cloud relationships and services across hybrid environments points to a brokered or intermediary model to solve security complexity, aggregate services, & add new value. Intel will present how a Cloud Access Layer & CSA standards managed by IT, Integrators or Provider “brokers” can solve complexity for user and application service interactions with the cloud.

10:50AM – 11:00AM

11:00 AM – 11:30 AM
Keynote: “Securing an OpenStack Cloud”

Speaker: Chris Kemp Founder and CEO, Nebula Inc., former CTO NASA

Download the Presentation

OpenStack is an open source software project and community that aims to deliver a massively scalable and feature-rich cloud operating system based on open standards. Thousands of developers and over a hundred companies including AT&T, Cisco, Dell and HP are now supporting the project. Chris C. Kemp, OpenStack co-founder and CEO of Nebula, will talk about strategies to mitigate some of the security challenges when using OpenStack as a private enterprise cloud, and some of the security benefits of building cloud services with OpenStack.

11:30 AM – 12:30 PM
Panel: “Cloud Innovation - The Panel's View on the Next Generation of Cloud Security Devices and Services”

Moderator: Philippe Courtot, CEO, Qualys Inc.

Patrick Harding, CTO, Ping Identity
Don Godfrey, Security Consultant, Humana (Representing Zscaler)
David Lingenfelter, Information Security Officer, Fiberlink
Matt Johansen, Threat Research Center Manager, WhiteHat Security

This panel will give attendees insight into next generation cloud security devices and services. This panel will feature experts who will examine the next iteration of innovation in Cloud Security and how these devices and services advance the industry.

12:30 PM – 1:00 PM
"From Datacenter to Device: Security in the Enterprise 2012 and Beyond"

Presenting: Steve Herrod, CTO and SVP of R&D, VMware

Download the Presentation

IT is going through a massive transformation due to virtualization, cloud and mobile access from any device anywhere. Current security architectures need to go through a significant change to keep up with this transformation. How do we preserve the best of the existing paradigm, yet embrace these new architectures? Is there a different consideration for private, public, hybrid clouds? How about PaaS and SaaS environments? In his keynote, Steve will address some of these topics, share key insights gained from talking to CIOs of enterprises and SPs, as they extend their virtualized data centers to private and hybrid clouds, and also highlight areas where the new security architecture may in fact ultimately lead to better security than was possible in the static, physical world.

Register for the Summit

All CSA Summit attendees must be registered as either an RSA conference delegate or with an RSA Expo pass. During the RSA registration process, you will have an option to indicate your interest in attending the CSA Summit.

To receive a free RSA Conference 2012 Expo Pass, please use code: 3412CSAXPO (Code expires Friday, 2/24)

To receive $100 off the RSA Conference 2012 delegate registration, please use code: 3412CSADL10 (Code expires Friday, 2/24)


If you have already registered for the RSA Conference, but have not yet selected to attend the CSA Summit at RSA, you are encouraged to update your attendance profile in the RSA portal.

Please use the following steps:

  1. Login to the My RSA Conference 2012 Portal
  2. Click User Account
  3. Near right of the Purchased Items window, click Purchase Registration Items
  4. Scroll to the bottom of the page to select Cloud Security Alliance Summit listed under Association Events
  5. Click Continue
  6. Click Process Registration


Baber Amin

Baber Amin
Senior Director of Product Management, CA Technologies

Mr. Amin is a Senior Director of product management at CA Technologies where he is primarily responsible for the product and service strategy for cloud based multi-factor authentication service, and next generation cloud security services. Previously, Mr. Amin was with Novell Inc. serving as Director of Cloud Security with Novell Identity and Security. At Novell, Mr. Amin helped position Novell as a thought leader in Identity based services, cloud and enterprise security. His primary role was to lead the overall strategy for Novell Cloud Security and oversee ongoing product direction in the area. Mr. Amin is an author on several patents in software security, web caching and content distribution.

Dave Asprey

Dave Asprey
Vice President of Cloud Security, Trend Micro

As Vice President of Cloud Security, Dave Asprey is responsible for thought leadership and technology evangelism for Trend Micro’s cloud computing and virtualization businesses.

Dave created and launched two early cloud computing service offerings, and his writing on the cloud has been published by the New York Times, GigaOm, Fortune, and CNNmoney, and PriceWaterhouseCoopers published his book-length piece on systems management. He co-chairs the Cloud Security Alliance Virtualization Working Group and sits on RSA China’s Program Committee. He is a sought-after speaker and panel moderator who has presented at more than 100 cloud, virtualization, and security conferences globally.

Philippe Courtot

Philippe Courtot
CEO, Qualys Inc.

Philippe Courtot has a history of building innovative companies and transforming them into industry leaders. As CEO of Qualys, Courtot has worked with thousands of companies to improve their IT security. Courtot received the SC Magazine Editor’s Award for bringing on demand technology to network security and for co-founding the CSO Interchange, a forum for sharing information in the security industry. Before Qualys, Courtot was the Chairman and CEO of Signio, Chairman and CEO of Verity and Chairman and CEO of cc:Mail.

Marc S. Crandall

Marc S. Crandall
JD, CIPP, Senior Manager of Global Compliance, Enterprise, Google

Marc Crandall serves as senior manager of global compliance, enterprise, at Google, where he addresses security and privacy compliance matters regarding Google’s cloud-based services. Marc has also served as product counsel for Google, where he addressed legal issues concerning the development and deployment of Google technology. Prior to joining Google in 2006, Marc served as principal legal adviser to the cyber division of the United States Federal Bureau of Investigation (FBI) in Washington, DC, where he provided legal counsel and policy advice concerning issues involving Internet forensics, security, computer crime, counterterrorism and counterintelligence operations.

Don Godfrey

Don Godfrey
Security Consultant, Humana on behalf of Zscaler

Don Godfrey, Security Consultant at Humana providing for the management of Security Products within the company. He holds a PMP certification from Project Management Institute, Inc. and a CISSP certification. Various roles that he’s held at this company and others include writing Security Policies and Standards, Project Manager for acquisition and infrastructure projects and Support / Maintenance of routers, switches, firewalls and corporate phone systems.

Patrick Harding

Patrick Harding
CTO, Ping Identity

Harding brings more than 20 years of experience in software development, networking infrastructure and information security to the role of Chief Technology Office for Ping Identity. Harding is responsible for Ping Identity’s technology strategy.

Previously, Harding was a vice president and security architect at Fidelity Investments where he was responsible for aligning identity management and security technologies with the strategic goals of the business. Harding was integrally involved with the implementation of federated identity technologies at Fidelity -- from “napkin" to production. Harding holds a BS Degree in Computer Science from the University of New South Wales in Sydney, Australia.

Steve Herrod

Steve Herrod
CTO and Senior VP of R&D, VMware

As CTO, Steve drives the company's broad technology strategy and works with engineering towards continued delivery of innovative yet elegant products. Steve leads technology collaborations between VMware engineering, partners and customers. He also plays an integral role in VMware's acquisition strategy, serves on the EMC Technical Advisory Board and is chairman of VMware's InnoLabs board. Steve was named CTO of the Year by InfoWorld in 2009.

At Stanford, Steve worked with VMware's founders on the core research behind the company and was one of the first VMware engineering directors. Prior to joining VMware Steve co-led the development of a virtual CPU with "Code Morphing" technology at Transmeta Corporation. He serves on the board of the progressive Peninsula School in Menlo Park and is working to apply cloud computing towards the improvement of the U.S. educational system.

Ron Huddleston

Ron Huddleston
Senior Vice President, ISV Alliances, salesforce.com

Ron Huddleston is Senior Vice President, Global ISV Alliances at salesforce.com. In this position, Ron leads the organization that is responsible for cultivating and managing salesforce.com’s relationships with partners building solutions utilizing salesforce.com technologies, with a focus on supporting cloud computing development efforts on the Force.com platform. This growing partner specialist team has a singular focus on partner success. Ron joined salesforce.com in 2009, following more than a 13-year career at Oracle in channel development and direct sales management.

Matt Johansen

Matt Johansen
Threat Research Center Manager, WhiteHat Security

Matt Johansen is a Threat Research Center Manager at WhiteHat Security where he oversees and assesses more than 4,500 web applications for many Fortune 500 companies across a range of technologies. He was previously a security consultant for VerSprite, where he was responsible for performing network and web application penetration tests. Mr. Johansen is also an instructor of Web Application Security at Adelphi University, where he received his Bachelor of Science in Computer Science, and San Jose State University. He has also been utilized by the SANS Institute as an industry expert for certification review.

Girish Juneja

Girish Juneja
Director of Intel Application Security and Identity Products, Intel

As a general manager, Girish oversees strategic direction and operations for Intel’s software application security and identity product lines. Girish works closely with the McAfee Cloud Security business unit in a joint go to market model cloud security products. As the co-founder of the SOA infrastructure company Sarvega, Inc., Girish led the engineering and customer services organizations to develop Sarvega's industry leading core XESOS technology and XML networking products.

Ashvin Kamaraju

Ashvin Kamaraju
VP Product Development, Vormetric

Ashvin Kamaraju leads Vormetric’s product development organization and in addition leads the partner management, strategic alliances and business development functions for technology strategy and product development. Ashvin is an experienced engineering leader with extensive background in enterprise software development, product strategy, product management and business development. Ashvin’s experience includes stints as VP of Engineering at both Veritas and Symantec. He has a Master's degree in Chemical Engineering and a Master's degree in Mathematics & Computer Science from the University of Cincinnati.

Chris Kemp

Chris Kemp
Founder and CEO, Nebula Inc., former CTO NASA

Chris C. Kemp is an entrepreneurial executive with a passion for igniting innovation in high-tech organizations. Chris is the Founder and CEO of Nebula, Inc., a company Chris founded after serving for five years in various roles at NASA.

As the Chief Technology Officer for IT at NASA, Chris was responsible for pioneering work in cloud computing, open source, and open government. Chris served on the White House Cloud Computing Executive Steering Committee, and chaired the Cloud Standards Working Group. As CIO at NASA Ames Research Center in Silicon Valley, Chris helped forge partnerships with Google and Microsoft helping create Google Moon, Google Mars, and Microsoft World Wide Telescope, and was responsible for NASA's Nebula Cloud Computing Project and co-founded the OpenStack project. Prior to joining NASA, Chris helped create the third largest online community Classmates.com, the leading web-based vacation rental platform Escapia, and the first online grocery shopping platform for Kroger, the world's largest grocery store chain.

David Lingenfelter

David Lingenfelter
Information Security Officer, Fiberlink

David is a seasoned security professional with experience in risk management, information security, compliance, and policy development. As Information Security Officer of Fiberlink, David has managed projects for SAS70 Type 2 and SOC2 Type 2 certifications, as well as led the company through audits to become the first Mobile Device Management vendor with the FISMA authorization from GSA. Through working with Fiberlink’s varied customer-base, David has ensured the MaaS360 cloud architecture meets requirements for HIPPA, PCI, SOX, and NIST. He has been an instrumental part in designing Fiberlink’s cloud model, and is an active member of the CSA, as well as the NIST Cloud working groups.

Tim Mather

Tim Mather
Advisory Director, KPMG

Tim Mather is a long-time information security practitioner, currently an Advisory Director at KPMG focusing on information protection within cloud computing security and also sits on the firm’s Global Steering Committee for Cloud Computing. Prior to joining KPMG, Tim completed a Master’s Degree in Information Assurance from Brandeis University, and consulted part-time to KPMG UK on cloud computing security. He is also co-author of the book Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, published by O’Reilly.

Previously, Mr. Mather was Chief Security Strategist for RSA, The Security Division of EMC, responsible for keeping ahead of security industry trends, technology, and threats. Prior to that, he was Vice-President of Technology Strategy in Symantec’s Office of the CTO, and was responsible for coordinating the company’s long-term technical and intellectual property strategy. Previously at Symantec, he served for nearly seven years as CISO, responsible for development of all information systems security policies, oversight of implementation of all security-related policies and procedures, and all information systems audit-related activities.

Tim’s experience also includes seven years in Washington, D.C. working on secure communications for a classified, national-level command, control, communications, and intelligence (C3I) project, which involved both civilian and military departments and agencies.

Mike McConnell

Mike McConnell
Vice Chairman, Booz Allen Hamilton and former Director of National Intelligence & former Director, National Security Agency

Mike McConnell is Vice Chairman of Booz Allen Hamilton, where his primary roles include serving on the firm’s Leadership Team and leading Booz Allen’s rapidly expanding cyber business. After retiring from the Navy in 1996, Mr. McConnell joined Booz Allen, and led the development of the firm’s Information Assurance business and the firm’s Intelligence business focused on policy, transformation, homeland security, and intelligence analytics, rising to the position of senior vice president. Upon being asked by President George W. Bush to become the second Director of National Intelligence, he left Booz Allen and served as the DNI for two years under Presidents Bush and Obama.

Mr. McConnell’s career has spanned over 40 years focused on international development and foreign intelligence issues. His 29-year distinguished career as a US Navy intelligence officer included significant assignments that impacted national security issues. During Desert Shield/Storm and the dissolution of the Soviet Union, Mr. McConnell served as the Intelligence Officer for the Chairman of the Joint Chiefs of Staff, General Colin Powell, and the Secretary of Defense, Dick Cheney. From 1992 to 1996 he served as the Director of the National Security Agency (DIRNSA) under Presidents George H.W. Bush and William J. Clinton. As DIRNSA, he led the agency during a critical period as it adapted to the multi-polar threats brought about by the end of the Cold War, providing global intelligence and information security services to the White House, Cabinet officials, Congress, and a broad array of military and civil intelligence customers. During the same period, he also served as a member of the Director of Central Intelligence’s senior national intelligence leadership team, which addressed major programmatic and substantive foreign intelligence issues.

In addition to having been awarded many of the nation's highest military awards for meritorious service, Mr. McConnell has twice received the nation's highest award for service in the Intelligence Community, once by President Clinton and once by President George W. Bush. He has also served as the Chairman and CEO of the Intelligence and National Security Alliance (INSA). He is the 2011 recipient of INSA’s William Oliver Baker Award, which is awarded annually for sustained and excellent service in intelligence and national security.

Chris Wysopal

Chris Wysopal
CTO, Veracode

Chris Wysopal, Veracode’s CTO and Co-Founder, is responsible for the company’s software security analysis capabilities. In 2008 he was named one of InfoWorld's Top 25 CTO's and one of the 100 most influential people in IT by eWeek. One of the original vulnerability researchers, he has testified on Capitol Hill in the US on the subjects of government computer security and how vulnerabilities are discovered in software. Chris is also the author of The Art of Software Security Testing.

Chris, along with Veracode’s senior director of research Chris Eng and experts from more than 30 US and international cyber security organizations helped develop the SANS-CWE Top 25 Most Dangerous Programming Errors.

Summit Sponsors

Platinum Sponsor

Gold Sponsors

Bronze Sponsors