January 17th marked EVOTEK’s inaugural Security Summit. Held at the beautiful L’Auberge Del Mar, the Summit featured three important tracks that offered participants the opportunity to share best practices and collaborate with fellow security leaders and practitioners across domains that include application security, security operations, data governance & the role of security leadership.
Chris Roberts, Chief Security Strategist at Attivo Networks, kicked the Summit off with a fast-paced keynote that emphasized the four Cs: communication, collaboration, cooperation, and coordination. Chris’ outstanding message of the vital role community and events like EVOTEK’s Security Summit play in tackling real security challenges was matched only by his tutu – worn in support of a great charity, The Innocent Lives Foundation and a GoFundMe challenge. Chris raised $2,575.
EVOTEK’s Security Summit highlights EVOTEK’s commitment to supporting the security community and bringing resources to security practitioners and security leaders alike. The application security track opened with a presentation on the State of Application Security by Surag Patel from Contrast Security. Application security is a critical component to security programs but frequently requires unique competencies and tooling to address adequately. Stephan Chenette from AttackIQ presented on the critical role of application security testing – a field that benefits from continuous or near real-time assessment and automation. Providing prescriptive guidance on how to plan, build and run a comprehensive application security program, EVOTEK’s Matt Shufeldt highlighted key elements of an application security program and important lessons learned based on his experiences with securing applications across a number of industries including healthcare and retail. EVOTEK anticipates that the importance of application security will only increase and remain a top priority for CISOs and other security leaders in the upcoming years.
Security engineering and operations was another key topic addressed at the summit. The Operations & Engineering track began with a presentation from Bob Kalka of IBM Security discussing the state of security operations and the important role of automation and orchestration in this space. Paul Keener from Viasat offered his insights on the SOC of the Future, one where critical competencies in application development, threat modeling and automation play a central role. Macy Dennis, EVOTEK’s Chief Security Officer, teamed with Jason Harkins, CISO at Sony Interactive Entertainment, to provide their hands-on insights in building successful SOCs.
The data governance and leadership track highlighted the important, and ever-changing, role of regulations over our security programs and the key role that security leaders play in managing data risk with their colleagues in privacy and the executive leadership team. Michael Gutsche of Micro Focus noted the critical role of understanding the nuance of various regulations such as the European Union’s GDPR and the California Consumer Privacy Act and how data discovery, data classification and data mapping techniques can be applied to improve both security and privacy. John Hopkinson of Thales highlighted some of the important techniques required to successfully improve data governance and data handling practices. Yours truly offered a session on linking data governance to broader security and risk management practices. As part of my discussion, I noted the important linkages between privacy and security, as well as how these disciplines differ in important ways (e.g., data minimization being foundational to privacy). I also highlighted the critical role of threat modeling (e.g., using STRIDE) and data flow diagrams to improve both security and privacy.
In deference to Chris Roberts’ imploration, each track concluded with a panel discussion that tied common threads through the previous presentations and captured questions and insights from the track’s audience. One thing that I value within our security community is that we’re not shy. There were outstanding insights offered and, equally important, some really important lessons learned shared by both panelists and participants alike. Engagement and collaboration are foundational and something we should continue to foment in our security community. The summit culminated with an outstanding panel discussion curated by Matt Shufeldt that brought together security leaders including Emilio Escobar, Paul Keener, Jason Harkins, Chris Roberts, and Terrence Weekes, who shared insights into their careers, how they have built their security programs and some of their key priorities for 2020.
EVOTEK would have been remiss if we did not take advantage of the outstanding venue and view that is offered at L’Auberge Del Mar. The Summit culminated with a terrific reception that allowed participants, sponsors, and presenters to break bread and share perspectives on the fast-moving world of cybersecurity. EVOTEK’s inaugural Security Summit was a fantastic event. Can’t wait for next year’s Security Summit and to see how much our world of cybersecurity will have changed by then. One thing that’s certain, the collaboration and engagement that EVOTEK brought to this Security Summit bodes well for our ability to tackle any challenges we face as we continue to build and refine our security programs.
Here’s to the EVOTEK Security Summit 2021!