Cloud Native Security Working Group Update: People Get Ready!: Mapping Zero Trust Principles to Zero Day Realities

Spring 2023

The Cloud Native Security Working Group’s goal is to help organizations adopt Cloud Native technologies securely. In this session, the group will discuss the critical importance of having a plan in place for dealing with Zero Day vulnerabilities that is premised on the adoption of fundamental Zero Trust Principles.

Agenda:

· A Review of Essential Zero Trust Principles and Strategies

· The Zero Day Attack: What exactly constitutes a Zero Day attack – what are its defining characteristics?

· Examples: What are some recent Zero Day attacks that enterprises have experienced? How did these exploits work? Why were they effective?

· The Key to Addressing Zero Day: by mapping Zero Trust’s broad principles to interrupt and reduce / eliminate the tactics employed in the Zero Day “Playbook”

· Q&A: Attendees will have the opportunity to ask questions and discuss their own experiences and challenges related to Zero Day threats as well as Zero Trust deployment.

· Target Audience: Security professionals, IT professionals, and anyone responsible for securing cloud-native infrastructure.

Learning Outcomes:
Understanding the importance of leveraging a full suite of Zero Trust strategies and principles to blunt Zero Day vulnerabilities, exploits, and attacks
Knowledge of how and why Zero Trust provides the best approach for mitigating Zero Day threats in general – regardless of a specific attack’s characteristics
Real-world, pragmatic, and operational examples of how organizations have handled Zero Day vulnerabilities, exploits, and attacks.

 

Speakers:

Cyber Security Advisor with FedEx Services, Inc. My current focus is on securing SDN and hybrid-cloud workloads as FedEx moves towards digital transformation and away from traditional L3 networks and data centers. In my role as Cyber Security Advisor I am called on to consult on many IT projects across the various operating companies that comprise FedEx. I am the team leader for the Network Security team that is responsible for implementing micro-segmentation, security analytics, identity services, and Wifi intrusion prevention among other security platforms and initiatives. I currently hold active ISCCISSP and GIAC GSEC certifications and have been a guest speaker on network and cloud security at various conferences including Proofpoint Connect, VMworld, and Future:NET.

My background is 30+ years of experience as a Network Security Engineer / Network Manager / Network Engineer working in the IS/IT division of various companies which span half a dozen industries and government agencies.

Ken Arora is a Distinguished Engineer within F5’s Office of the CTO, focusing on cybersecurity and defining technologies for data-driven, AI-assisted security solutions.

Ken currently provides technical alignment and vision across multiple security product development teams. He also evaluates emerging technical and competitive trends to formulate a technical application security vision. Ken’s background spans both software and hardware development, and he is responsible for many of F5’s hardware/software co-designed solutions and is also passionate about workflow-driven user experience design. His current focus is around next generation Zero Trust evolution and the use of big data enabled machine learning to improve security efficacy.

Before joining F5 in 2012, Ken was architect of Intel’s Pentium and Pentium Pro processors and Cisco’s ASA product family. He later co-founded a startup that developed a hardware-accelerated solution stack for pattern matching. Ken’s first role at F5 was as architect for the BIG-IP AFM, the world’s fastest DC firewall and a primary component of F5’s SP solution, used by many of the world’s largest service providers.

Ken’s undergraduate degrees are in Astrophysics and Electrical Engineering, from Rice University. Outside of work, enjoys playing hockey, but when off the ice, he also spends time on the board of Silicon Valley Shakespeare and is a superforecaster for the Good Judgement project.

Jerald Murphy is SVP of Research and Consulting for Nemertes. With over three decades of technology experience, Jerry has done everything from neural networking research, integrated circuit design, computer programming, designing global data centers, to being CEO of a managed services company. Jerry has worked in The United States Army, MCI Communications, META Group, Cognizant, and was the CEO of Banking Infrastructure Technology Services (BITS).

Prior to founding MarketWord in 2006, Mark Fishburn held roles as Managing Director, VP marketing, VP sales, VP market development, technical strategy, and business unit manager with Xerox, Retix, Netcom Systems, Spirent. He has been a board member and chairman of several industry associations and frequent speaker at industry conferences worldwide.

Issac Roth serves as CTO & Co-Founder of LeakSignal. Prior to founding LeakSignal, Issac founded startup, Makara, and through its acquisition by Red Hat, Issac created OpenShift, the premier enterprise cloud container platform. He went on to create the commercial company around Node.js – the most popular backend programming framework – which was acquired by IBM where he was CTO of API Economy.

Related events