Upcoming Talks and Training

I am doing the keynote at the RISK conference in Oslo, the conference is October 27-28.

A Thinking Person's Guide to the Cloud

How the Cloud will evolve is uncertain, what is certain is that if INFOSEC does not get 
proactively involved in building security into Cloud then it will be too late to add on later. This session drills down on pragmatic ways to approach security at design time. As businesses realize value from Cloud, SaaS and virtualized architecture, they are at the same time increasing attack surface, and adding wholly new failure modes into their enterprise. This talk presents a Security Architecture toolset to apply in making design decisions delivering Access Control services with Federated Identity, Designing for failure with Defensive Services, and enabling all the pieces in to interoperate through decentralized policy and technologies. 

At the Usenix LISA conference in Baltimore November 6, I will be teaching my new hands on Security in the Cloud class. The class does a deep dive on new cloud architectures, threats that emerge, and what protocols we can use defend.