Financial Services Stakeholder Platform
The main objective of this working group is to identify and share the challenges, risks and best practices for the development, deployment and management of secure cloud services in the financial services industry.Sign-Up View Current Projects
Working Group Leadership
I help enable organisations to safely operate and transact online in the face of dynamic and adaptive threats. After 20 years of attacking and defending top tier firms I founded Resilient Security to provide cyber risk and security advisory, consulting and services.
Jim De Haas
Cloud Security Expert
Seasoned security professional with a demonstrated history of working on critical, complex and highly available banking applications. A technology enthusiast, who enjoys collaborating with cross-functional teams. A strong communicator who can evangelize security across the organisation. Specialised in Cloud Security (Both AWS and Azure), IT Security, training DevOps engineers in security topics and making security understandable to non-secu...
Security Strategy, Threat Management. Senior Director, Information Security Strategy and Threat Mgmt at PayPal.
Innovative leader with a strong technical and business background with a track record of success across multiple technology domains and markets. Senior business management and technical leadership experience in the DOD, Private, and Government sectors. Years of experience in the management of medium to large network and systems engineering teams with significant experience in the management of large multi-million dollar data com...
Cloud Security Specialist & Senior Research Analyst
Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).
I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.
|Publications in Review||Open Until|
|The Six Pillars of DevSecOps - Pragmatic Implementation||Oct 10, 2022|
|Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline||Dec 07, 2022|
Who can join?
Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.
What is the time commitment?
The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.
Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.
No scheduled meetings for this working group in the next 60 days.
Open Peer Reviews
Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.
The Six Pillars of DevSecOps - Pragmatic Implementation
Open Until: 10/10/2022
This document provides a high-level overview of the various tools and processes that should be considered when building out...
Security Guidance for Critical Areas of Focus in Cloud Computing v5 - Outline
Open Until: 12/07/2022
The proposed outline for the Cloud Security Alliance Security Guidance for Critical Areas of Focus in Cloud Computing v5 is...