Open Multi-Cloud Security Notification

Spring 2021

There is a wall of worry descending upon every large enterprise.   As their public cloud  consumption increases so too does the volume of security alerts, notifications, events etc.  There are no common definitions of similar cloud security notifications, driving up tool and personal bloat.  There is no cloud loop feedback between cloud providers and their tenants for GRC (Governance, Risk and Controls).  This notification crisis increased the gaps between CSPs to the point where their tenants do not have minimal viable security posture.  There needs to be common language, definition and syntax for CSPs to send security notifications to their customers.  This is the problem that the ONUG Collaborative is tackling in the Cloud Security Notification Framework or CSNF.  In this session hear from ONUG Collaborative Steering Committee members on CSNF and its market adoption progress.


Don is an accomplished leader in successfully developing and executing business and technology strategy.

Don is CEO and Co-Founder of Concourse, an emerging leader in public cloud management and governance services, as well as a Senior Advisor at McKinsey Corporation.

Don spent 28 years at Goldman Sachs, during which time he held senior leadership roles in Technology in New York, London, Hong Kong and Tokyo. Don led the global technology division for Goldman from 2012 to 2016 and was named a partner of the firm in 2006 and Managing Director in 2000. Don was the CIO for Asia Pacific from 2001 to 2006 and served on the Asia management committee. Since relocating to the US in 2006, Don co-chaired the IBD Technology Investment Committee and was a member of the firm’s Firmwide Risk, Market Risk and Business Standards committee.

Don played an integral role in creating Goldman’s business systems architecture, algorithmic trading and risk management platform as well as leading strategic firm wide investments in VDI, Data architecture, AI and Cloud / Software Defined Infrastructure. He also created and led the teams responsible for the development of Symphony and Orbit which were subsequently spun out of the firm as broader industry platforms.

Within the technology industry, Don has been an active and vocal proponent of Open Source and Open Standards communities including acting as a founding board member of the Open Compute Project.

Don and his family reside in New York City where he is actively engaged in education and arts, serving on the board of the New York Foundation for the Arts, Columbia University School of Professional Studies, Marist College board of trustees and Teaching Matters.

Ann Johnson is Corporate Vice President of SCI Business Development at Microsoft. She oversees the investment and strategic partner strategy roadmap for security, compliance, and identity for one of the largest tech companies on our planet to help organizations become operationally resilient on their digital transformation journey and unlock capabilities of Microsoft’s intelligent cloud and next generation AI. She is a member of the board of advisors for FS-ISAC (The Financial Services Information Sharing and Analysis Center), an advisory board member for EWF (Executive Women’s Forum on Information Security, Risk Management & Privacy), and an advisory board member for HYPR Corp. Ann recently joined the board of advisors for Cybersecurity Ventures. For more about Microsoft’s Cybersecurity Solutions, visit the Microsoft Security Site, or follow Microsoft Security on Twitter at Msft Security Twitter or Msft WDSecurity Twitter. You can also hear her talk with some of the biggest influencers in cybersecurity each week on Afternoon Cyber Tea with Ann Johnson.

Chief Technology Officer, Digital, at Raytheon Technologies (RTX), responsible for the technical interests of the company’s Enterprise Services including the implementation of RTX’s technology strategy and vision, and the integrity of the company’s infrastructure and resources.

Previously responsible for ensuring the confidentiality, availability, and integrity of the company’s assets and its customers’ assets globally.

Experienced keynote / public speaker at Information Security events, and contributor to Information Security publications, such as:

  • secureCISO New York
  • RSA panelist
  • CISO Executive Summits
  • NEACS Cyber Security Summit
  • Feats of Strength Magazine
  • Security Current
  • FBI Academy
  • PC Magazine Desk-side Briefing
  • SC Magazine Congress
  • FS-ISAC Summits
  • BITS Working Group Meetings
  • BITS Emerging Payments Forum
  • Retail Forum
  • Shark Tank at RSA – 2016 and 2017
  • RSA Keynotes
  • Profiles in Confidence
  • Conversations with a CISO
  • Risk Committee Meetings
  • Board Meetings
  • OCC Meetings
  • Best Practice Seminars

Phil is the Chief Information Security Officer and Vice President of Google Cloud where he oversees a team of security industry experts and leaders in the Google Cloud Office of the CISO. As CISO of Google Cloud, Phil is focused on ensuring the company’s security and compliance, and engaging customers, partners and stakeholders on security and risk matters.

Prior to joining Google Cloud, Phil was a Partner at Goldman Sachs where he held multiple roles over a long career, initially as their first Chief Information Security Officer, a role he held for 17 years. In subsequent roles he was Chief Risk Officer for the firm’s operational risks, an operating partner in their private equity business and a senior advisor to the firm’s clients and executive leadership on cybersecurity, technology risk, digital business risk, and operational resilience. In addition to this, Phil was a Board Director of Goldman Sachs Bank (USA).

Before Goldman Sachs, Phil held multiple Chief Information Security Officer as well as senior engineering roles across a range of finance, energy and technology companies.

Outside of Google, Phil serves on the boards of the NYU Tandon School of Engineering and the NYU Stern Business School Volatility and Risk Institute. He also serves on the Information Security and Privacy Advisory Board of NIST and is a member of the Council on Foreign Relations.

Phil earned a BSc (Hons) in Computer Science from the University of York and an MSc in Computation and Cryptography from the Queen’s College at Oxford University. He was awarded the designation of Chartered Engineer in 1995 and Chartered Scientist in 2002 and was elected a Fellow of the British Computer Society in 2005.

I am an experienced IT leader who is passionate about information security. My experience and work involve developing innovative programs to cost effectively address IT security risk for enterprises.

I am also the founder and co-host of the Defensive Security Podcast, intended to help information security professionals grow and learn from publicly disclosed security breaches in order to better defend their own organizations.

Related events