Roundtable: CISO 360-Identity in the Cloud
Thank you to all participants who attended this virtual roundtable to benchmark identity centric security strategies against the backdrop of the cloud and accelerated digital infrastructures.
Thursday 20 May 2021
You are invited to join this special CISO 360 Roundtable, powered by SailPoint and hosted by Pulse Conferences, on Thursday 20 May 2021 at 14:00-15:30 BST / 15:00-16:30 CEST. Led by, with and for CISOs, this is an excellent opportunity to connect with peers and benchmark identity security strategy with CISOs and senior cybersecurity peers from the UK, Ireland, The Netherlands, Belgium and Luxembourg.
Focuses: Has your digital pivot accelerated an identity centric security programme? How has the speed of your organisation’s cloud adoption caught you off guard? What next?
Cloud adoption is at an all-time high and predictions point towards the majority of future failures being a result of improper management of identities, access and privileges. Hear what peers are doing to protect their businesses against the potential cyber risks that target digital identities.
We look forward to welcoming you and CISO peers to compare resilience strategies and tools around an identity centric security strategy.
14:00 – 14:10 (BST)
15:00 – 15:10 (CEST)
Introductions with arriving guests
Master of Ceremonies: Clive Room, Director, Pulse Conferences
15:10- 15:20 (CEST)
Introduction and insights on the topics
Paul M. de Graaff, Senior Identity Strategist, SailPoint
Mark Snel, CISO, Signify
14:20 – 15:20 (BST)
15:20- 16:20 (CEST)
All participants contribute to the discussion.
Part One: How has the pandemic impacted our identity centric security programmes?
- Has WFH/WFA changed the way we look at security and how we have you adjusted our security programmes?
- Has the pandemic accelerated the adoption of zero trust principles and solutions?
- Has the pandemic led to over-provisioning of access due to demands of access enablement?
- Has our security programme changed to a more identity centric approach, as most of the breach reports out there that most breaches are related to the compromise of an identity?
Part Two: How has the speed of our organisation’s cloud adoption caught us off guard? What now?
- Our legacy security solutions do not work in the cloud! What next?
- Has the automation of deploying cloud infrastructure resources collapsed the traditional boundaries between developer, network, security and infrastructure job functions?
- Do we still have the same (security) visibility in the cloud?
- How are our auditors adjusting to the world of the cloud? What security controls (SOD, Other) are we expecting in the cloud world and how are we providing evidence of these security controls?
15:20 – 15:30 (BST)
16:20 – 16:30 (CEST)
Summary and Goodbyes
Co-Chairpersons: Paul M. de Graaff, Senior Identity Strategist, SailPoint and CISOs from the UK and from the Benelux region
Master of Ceremonies: Clive Room, Director, Pulse Conferences
Paul M. de Graaff, Senior Identity Strategist, SailPoint (Recently Global Information Security Officer for AIG)
Mr. de Graaff is currently a senior identity strategist at SailPoint Technologies and in his role advices the executive management team on what is next in identity security.
Mr. de Graaff has led cyber security strategy, security operations and compliance programs for various financial services and retail companies. Notably, Mr. de Graaff served as the Global Information Security Officer for AIG. Prior to joining AIG, Mr. de Graaff held the position of Corporate Information Security Officer at Depository Trust & Clearing Corporation. In addition, he has held Information Security consulting and management positions at WW (formerly Weight Watchers). ING, ABN/AMRO, IBM, UNISYS, and Vanguard Integrity Professionals.
Mr. de Graaff was awarded the Top 100 IT Leadership Award in 2006 by Computerworld Magazine. Mr. de Graaff is a trusted advisor and serves and has served on advisory boards of startups in the security, mobile payment and crowdsourcing space. Mr. de Graaff is a published author and regular speaker on security and compliance related topics. Mr. de Graaff holds a Bachelor ‘s Degree in Applied Mathematics from the Open University of The Hague, The Netherlands.
Mark Snel, CISO, Signify (The Netherlands)
Mark has more than 20 years of experience in the information security and information risk management, from technical roles to his recent role as a CISO for Signify (formerly Philips Lighting). He holds a Master of Information Management degree, believe in a business-driven approach to managing information risk, and is always willing to experiment with new ideas to improve our profession.
Master of Ceremonies
Clive Room, Director, Pulse Conferences
Clive has worked as a marketeer within cybersecurity since 2000. As the Marketing Manager at Portcullis Computer Security he organised all their bespoke events from seminars to hospitality events like the famous Portcullis Arms during Infosec. He was also responsible for their involvement with conferences and exhibitions all over Europe. His experience in promoting and presenting at cyber security events is matched by his passion for helping people understand the critical importance of mitigating the risks and protecting themselves and their organisations from cybercrime. He believes that in terms of reputational damage and operational costs, security breaches should be a key concern of everyone from the ground floor worker up to board and director level. Clive was Chairman of The White Hat Committee, the charity for the information security industry, which raises money for ChildLine and Barnardo’s throughout the year. This January’s White Hat Ball was the most successful to date raising over two hundred thousand pounds and the next White Hat Car Rally is in September. Clive is proud to be a part of the dynamic team bringing CISO 360 Congress to the marketplace as a game changer in cybersecurity events.
What can I expect at a CISO 360 Roundtable?
All participants are encouraged to contribute throughout for this digital face to face benchmarking event.
- Delegate passes are limited and only available to book by in-house practitioners and do not apply to persons or companies providing advisory services or solutions to the security community.
- Places are limited for this event to maintain an in-depth peer to peer benchmarking focus for the discussion and the sharing of best practices.
- Confirmations will be done on a ‘first to confirm’ basis.
- Led by fellow CISOs, the Roundtables are individual sessions designed around content, connection and contribution.
- There is no sales talk and no presentations.
- This roundtable will be hosted on Zoom – everyone is encouraged to be visible and to contribute to the discussion if it is convenient to do so.
SailPoint is the leader in identity security for the cloud enterprise. We’re committed to protecting businesses from the inherent risk that comes with providing technology access across today’s diverse and remote workforce. Our identity security solutions secure and enable thousands of companies worldwide, giving our customers unmatched visibility into the entirety of their digital workforce, and ensuring that each worker has the right access to do their job, no more, no less. With SailPoint at the foundation of their business, our customers can provision access with confidence, protect business assets at scale and ensure compliance with certainty.
Stay up-to-date on SailPoint by following on Twitter and LinkedIn and by subscribing to the SailPoint blog.
Quotes from recent Identity 360 roundtables
How can you leverage outward corporate messaging about identity to say ‘we can be trusted, we have integrity’?
“We need to tap into the cultural milieu about identity ascendancy in the business and its impact and on how companies portray themselves to the outside world.”
How do we pump up governance processes around identity and trust? ”
“Identity is a collection of attributes. Which attributes are useful? We always end up describing a service rather than outlining a standard. Who sets the mandate for protection?
Surely this should be something that is top down.”
How can we build frameworks that are agile enough for today’s processes? Where can we get the quick wins?
“A move to zero trust is not a big bang affair. It is about reuse of the technologies you have in place today and protecting technologies that you don’t yet have in place!”
How can we break down zero trust into workable pieces?
“We found it hard on the process side of things, the size of the project becomes so great in comparison to other projects on the table that is why it ends up as being lower priority, not because it is less important – so any tips that can address this would be appreciated. It is a tough spot.”
CISO, Financial Services