Looks like I get to go to the land of deep dish pizza (Chicago) at the end of the month to speak at the 2013 (ISC)² Congress. I’ll be giving two talks:

3340: (ISC)² – The Five W’s of Securing Dev/Test Cloud Instances
Wednesday, September 25, 2013: 4:30 PM-5:30 PM
S106b – Cloud Track
Software developers, engineers and quality assurance/testers are spinning up cloud servers outside of IT’s control, and, generally speaking, security is the last thing on their mind. Business leadership and product owners typically turn a blind eye to this practice, often referred to as ‘Shadow IT’, because the business knows that letting the software people get their job done faster ultimately results in software getting delivered faster. What many organizations might not know, however, is that this expedited process, often implemented in the name of ‘Agile Development’ or ‘DevOps’, has the potential for increasing organizational security risks.

and

4340: (ISC)² – When Lightspeed’s Too Slow: Security Automation At Ludicrous Speed
Thursday, September 26, 2013: 3:30 PM-4:30 PM
S106b – Cloud Track
Deploying new or migrating existing applications to cloud architectures introduces a host of new challenges for teams responsible for SaaS product success. Being able to prove to existing and future customers that the servers, applications and customer data are just as safe and secure in a SaaS offering as they were in the organization’s datacenter is almost always a mandatory customer requirement. This session will highlight the business and technical requirements for SaaS product success as well as the new concerns introduced by adopting cloud to deliver products.

Hopefully I’ll see you there 🙂