Virtual Roundtable: CISO-DevOps 360 DACH
29 October 2020, 12:30-14:00 CET
How can CISOs gain influence on transformation projects from the outset?
How can we implement controls and better position ourselves as an enabler?
*There is no cost to attend for in-house practitioners, CISOs, Developers, Heads of Architecture, Networks, Applications, CIOs… Places are limited to 15 guests for this event to maintain the focus of the discussion and to ensure the participation of all guests. Confirmations will therefore be done on a ‘first to confirm’ basis.
You are invited to attend this special CISO-DevOps 360 Roundtable – DACH that is developed as part of a series for CISOs regionally around the world. This specific Roundtable, for CISOs in Germany, Austria and Switzerland, will be hosted on Zoom during lunchtime on 29 October 2020. During the discussion you will benchmark operational security capabilities with peers.
Led by, with and for CISOs, you will exchange experiences with peers from the DACH region on how we can better define and embed an agile approach to security to ensure that we work at the pace of digital product teams.
Hosted by Pulse Conferences, sponsored by Snyk, we will connect peers for an energetic debate on the practical approaches, realities, challenges and successes. All participants are encouraged to contribute throughout for this digital face to face benchmarking event.
Below is some output that emerged from our previous DACH roundtable on how CISOs are working with devops teams and some of the challenging areas:
- Decentralised security ambassadors in every team – find a champion, get buy in, identify skill gaps, define responsibilities, integrate security into your processes, respond to c-19 collaboration challenges
- Ways to measure leadership and stable solutions vis-à-vis securing devops and transformation and innovation teams
- Compared good risk management tools
- Automation of security controls – measuring visibility in devops and across the business requires effort and how to make people accountable without burning resources.
- Discussion on “You don’t sell any more because of security but without it you aren’t selling anything!”
- Approaches we would like to take with vulnerabilities and flaws
- Mindset changes towards Enterprise Risk thinking – is this the holy grail?
- Understanding our IT infrastructures better and knowing how to “Break Your Own”! How we are getting visibility on code ownership to mitigate quickly whether people are using their own bugs or not, use of bug bounty, red teaming
- Requirement for a better security product alignment
- Winning trust – How to make friends and influence people! Communications to mitigate ‘fools with tools’. Challenges and benefits of continuous audit on a real time basis
- Getting security into procurement contracts. Is your privacy clause robust enough? Better onboarding of the supply chain and consolidation of suppliers to a defined ring of trust.
Some of the comparative views that are sure to emerge around the virtual table include questions:
- How can we prevent vulnerabilities in application security?
- What is best practice when creating and developing containers?
- Secure development when working from home — tips and tricks.
- How can we mitigate the risks of open source code and containers without hindering your dev team and application delivery?
- What are proven ways we can bridge the gap between projects and operations by using agile techniques in development, project management, and system administration?
The discussion is conducted under The Chatham House Rule of non-attribution. Clive Room, Director, Pulse Conferences will top and tail the discussion as your esteemed Master of Ceremonies!
If you can accept, please click on the Register button to confirm your place at the virtual table!
We look forward to seeing you on 29 October, 12:30-14:00 CET for what promises to be an educational, memorable – as well as entertaining – discussion with peers!
Yours sincerely,
Team Pulse
Timings – Note – All times listed for this event are in Central European Time (CET)
The agenda is relatively fluid to ensure that all participants have the opportunity to contribute – everyone is a speaker! The agenda below is provided as guidance.
12:30-12:40
Digital House-Keeping and Guest Welcome
Master of Ceremonies: Clive Room, Director, Pulse Conferences
12:40-12:50
Introduction and insights on the topics
Co-Chairpersons
12:50-13:55
Main Roundtable discussion
How can CISOs gain influence on transformation projects from the outset?
How can we implement controls and better position ourselves as an enabler?
13:55-14:00
Summaries and Goodbyes
Co-led by fellow CISOs from the DACH region
Rainer Rehm, ISO, Zooplus AG
CISO and DPO, security workforce development advisor, trusted board advisor
An authorised CISSP Instructor, Rainer is currently the ISO of Zooplus AG and President of (ISC)² Germany Chapter, of which he is one of the co-founders. Rainer was previously at MAN, where he was responsible for the management of the Information Security Office and Information Security Management Systems to the Council for 5 years. He is also a multiplier for the Alliance for Cybersecurity, an initiative from BSI and Bitkom. Mr. Rehm is an official (ISC)² instructor and also regularly contributes to the development and maintenance of the (ISC)² CBK®, a compendium of cyber, information, software and infrastructure security topics that underpin (ISC)²’s credentials. He previously held a senior post in information security with Nokia Siemens Networks, and worked as a consultant serving international clients with CompuServe and Softlab. In addition, Mr. Rehm teaches information security and data protection at German adult education centres in Munich. Rainer studied information technology at the University of Munich and holds the CISSP, CISM and CCI Munich credentials.
Matthias Muhlert, CISO Luminary (Schaeffler, HELLA…)
Matthias is a highly qualified Information Security Professional with 20 years of diversified experience in developing and implementing information security processes as well as leading information security governance programmes. Matthias is a seasoned practitioner in managing a global information security management system (ISMS), serving as Head of Information and Cyber Security, developing and implementing policies to support the maintenance of critical business strategies and processes within the organization. He ensures compliance with Information Security policies (aligned to ISO 2700x series) and deals with information security compliance requirements to VDA ISA (TISAX). Matthias was CISO at HELLA for 4 years, where he was responsible for managing the global information security management programme, developing and implementing policies to support the maintenance of critical IT and data management strategies and processes within the organization. Prior to this, he led ICT Security management programmes for foreign branches of UniCredit Bank AG in New York City, London, Singapore, Tokyo and Hong Kong. He enjoys providing leadership and strategic development for information security services within international organizations, offering expertise in international projects and working in multicultural teams as well as in dynamic, fast-paced and data-sensitive environments.
Thomas Owen, Head of Information Security and Risk, Snyk
Thomas is a cloud-literate, innovative and strategic IT and security leader with a blend of people, policy and technical experience. He is able to articulate and engage at all levels of the business, from a SOC analyst or DevSecOps to the Board and believes that success is built on empathy, respect, collaboration and communication. He aims to be an agent of positive change and enable business performance and growth, whilst allowing the board to better understand, articulate and address their real risk posture. Workplace interests include: Fostering positive ethics, engagement and inclusivity; Making compliance and risk management operationally effective; Encouraging dialogues around privacy; Collaborative ways of working.
Master of Ceremonies
Clive Room, Director, Pulse Conferences
Clive has worked as a marketeer within cybersecurity since 2000. As the Marketing Manager at Portcullis Computer Security he organised all their bespoke events from seminars to hospitality events like the famous Portcullis Arms during Infosec. He was also responsible for their involvement with conferences and exhibitions all over Europe. His experience in promoting and presenting at cyber security events is matched by his passion for helping people understand the critical importance of mitigating the risks and protecting themselves and their organisations from cybercrime. He believes that in terms of reputational damage and operational costs, security breaches should be a key concern of everyone from the ground floor worker up to board and director level. Clive was Chairman of The White Hat Committee, the charity for the information security industry, which raises money for ChildLine and Barnardo’s throughout the year. This January’s White Hat Ball was the most successful to date raising over two hundred thousand pounds and the next White Hat Car Rally is in September. Clive is proud to be a part of the dynamic team bringing CISO 360 Congress to the marketplace as a game changer in cybersecurity events.
About the Sponsor
Snyk is a developer-first security company that helps software-driven businesses develop fast and stay secure. Snyk is the only solution that seamlessly and proactively finds and fixes vulnerabilities and license violations in open source dependencies and container images. Snyk’s solution is built on a comprehensive, proprietary vulnerability database, maintained by an expert security research team in Israel and London. With tight integration into existing developer workflows, source control (including GitHub, Bitbucket, GitLab), and CI/CD pipelines, Snyk enables efficient security workflows and reduces mean-time-to-fix. For more information or to get started with Snyk for free today, visit https://snyk.io.