Full time students and veterans are eligible for 25% discount of membership rates, upon presentation of current class schedules or valid student/veteran ID. Please be sure to register early for the upcoming classes. Unless registration is open, date and topics maybe changed at a later date.
Cloud Security Training - February 12 & 13, 2019
Location: Bank of New York Mellon 240 Greenwich Street 10th Floor, New York, New York 10286
Cloud Security strategy, governance, and operations based on cloud security best practices and operational experience. The objective of this phase is to develop a course syllabus that covers concerns from cloud customers and best practice guidance with specific example architectures for the major cloud security providers (AWS, Azure, and Google). In addition to the course syllabus, the class will provide visual diagrams as reference architectures.
Intended audience: This seminar is designed for IT Auditors, Cloud Technologies, Risk and Control Professionals at all levels.
Learning objectives: Participants in this seminar will learn:
Identifying account security strategies to manage multiple accounts and ensure fiscal visibility;
Identifying account segmentation based on operating environments, business units, partners, and data and resource classification requirements;
Identifying identity federation strategies for staff and mobile endpoints using enterprise, web, or third-party identity providers (“IdP”);
Identifying identity and access management (“IAM”) policies to secure roles, groups, users, and data security within cloud services;
Identifying efficient and best practices in cloud resource usage and data flow management by identifying best-fit services and security architecture;
Identifying procedures to manage data retention, resource lifecycles, and configuration management;
Identifying network security topologies including virtual private clouds, subnets, security groups, network ACLS, edge security, dedicated network connections and VPNs;
Identifying availability requirements including geolocation/region availability, Recovery Time Objective (“RTO”), and Recovery Point Objective (“RPO”);
Identifying logging and alerting procedures for cloud monitoring and incident response;
Identifying auditing controls and visibility requirements for cloud infrastructure;
Defining inventory strategies for cloud resources as an effort toward asset classification, asset owner identification, and, if appropriate, a charge back model. Additionally, certain IAM services rely on resource tagging; and
Identifying and evaluating relevant commercial cloud security technologies.
Instructor: Jonathan Villa
Jonathan has worked as a technology consultant since 2000, and has worked in the information security field since 2003. For more than 10 years, worked with a large municipality as a senior consultant in several competencies including PCI compliance and training, web application architecture and security, vulnerability assessments and developer training, and web application firewall administration. He also co-architected and managed an automated continuous integration environment that included static and dynamic code analysis for over 150 applications deployed to several distinct environments and platforms. Jonathan has worked with virtualization and cloud technologies since 2005 and, since 2010, has focused primarily on cloud security. Jonathan has worked with clients in North and South America, and Asia, to design and implement secured public and hybrid cloud environments, integrate security into continuous integration and continuous delivery methodologies, develop custom security solutions using the AWS SDK, and provide guidance to customers in understanding how to manage their environments under the Shared Responsibility Model. In addition to providing PCI training, Jonathan also has presented to law enforcement on cyber security and was a speaker at the Cloud Security Alliance New York City Summit. Jonathan holds the following certifications: CISSP, C|EH, PCIP, AWS Certified Solutions Architect – Professional, AWS Certified SysOps Administrator, AWS Certified Developer, AWS Certified DevOps Professional, and Security+ certifications including the CSA Certificate of Cloud Security Knowledge.
This a multi-cloud experience that's relevant to today's cloud landscape. The students should have an account available for AWS, Azure, and Google Cloud (GCP).
Participants should bring a laptop.
An ISACA member will send out instructions for creating AWS, Azure, and Google Cloud (GCP) accounts approximately 2 weeks before the class.
Level: All levels, 16 CPE
Registration pc link: http://www.cvent.com/d/mbqwvn/4W