Attack Surface Management Edition
Technology never stops evolving. That’s why, now more than ever, ensuring your organization stays compliant with constantly changing regulatory policies and standards is critical to safeguarding your organization against emerging threats.
From on-premises infrastructure to cloud environments, security and IT teams are hungry for real-world insights and expert perspectives on continuous compliance to reduce risks and minimize costs.
Monday, December 11, 2023
Virtual
Featured Speakers
Troy Leach
Chief Strategy Officer (CSO), Cloud Security Alliance
Gene Yoshida
Risk Management and Compliance Professional, Compliance.ai
Avani Desai
CEO, Schellman
Isaias Mercado
Senior Systems Security Manager, Cardnet
Matt Crane
Senior Manager, Schellman
Terry Barber
Manager, Security Operations, American Express Global Business Travel
Jonathan Trull
CISO & SVP Security Solution Architecture,
Qualys
Shailesh Athalye
Sr. Vice President, Product
Management, Qualys
Corey Smith
Vice President, Solution Architects, Qualys
Lavish Jhamb
Sr. Product Manager, Compliance Solutions, Qualys
Bill Reed
Marketing Expert, Qualys
Discover fresh perspectives on continuous compliance for your organization
PCI DSS 4.0 implementation is required by March 31, 2024. As such, organizations must prioritize a continuous approach to compliance to avoid hefty fines, increased transaction fees, termination of merchant agreements, costs for potential lawsuits, and brand damage.
Join us for a comprehensive exploration of the ever-evolving compliance landscape and gain invaluable insights to help you minimize security breaches, avoid audit failures, and protect your organization’s reputation.
Topics
Continuous Compliance and Cloud
As technology continues to advance, so do the challenges of securing sensitive payment card data. PCI DSS 4.0 not only addresses these evolving threats but also emphasizes a holistic approach, ensuring that compliance measures are integrated seamlessly across on-premises systems and cloud environments alike.
Four Common Trends in PCI DSS 4.0 Compliance
By examining real-world case studies and expert perspectives, this discussion will equip you with the knowledge and strategies you need to navigate the complexities of modern payment card security and every facet relating to the PCI DSS 4.0 mandate.
Continuous Compliance: Four Key Changes for Organizations
Don’t miss a deep-dive series of dynamic discussions around the key trends that are shaping the way organizations are successfully securing their payment card data today. Learn about four specific actions you can take now to ensure that your organization can meet the mandate with confidence.
Qualys’ Vision for PCI DSS 4.0
How can compliance, IT, and security teams collaborate to comply with PCI DSS 4.0? This is your chance to learn about Qualys’ vision and innovation when it comes to continuous compliance. Also, to learn why credit card tokenization alone is not sufficient to ensure full PCI DSS 4.0 compliance.
9:00 AM PT
Keynote
Keynote
Jonathan Trull
CISO,
Qualys
Embark on a transformative exploration of PCI DSS 4.0 at our upcoming thought leadership event, where we unravel the multidimensional facets of PCI compliance—from the industry’s perspective to the vantage points of customers, auditors, and the tools at our disposal. No single solution can provide complete coverage for PCI DSS 4.0 requirements. This session will review how to use multiple solutions with a single agent and dashboard to ensure 97 percent coverage for the twelve PCI DSS 4.0 requirements.
9:15 AM PT
Keynote
Compliance and the Cloud
Troy Leach
Chief Strategy Officer (CSO),
Cloud Security Alliance
As technology continues to advance, so do the challenges of securing sensitive payment card data. PCI DSS 4.0 not only addresses these evolving threats but also emphasizes a holistic approach, ensuring that compliance measures are integrated seamlessly across on-premises systems and cloud environments alike.
10:00 AM PT
Keynote
PCI DSS 4.0 Myths and Facts from the Assessor's Perspective
Avani Desai
CEO,
Schellman
Matt Crane
Senior Manager,
Schellman
Delve into the profound shifts introduced by PCI DSS 4.0 from the perspective of Assessors. As the cornerstone of payment security standards, PCI DSS 4.0 is currently undergoing its most significant evolution. Leveraging the extensive expertise of our PCI Qualified Security Assessors, who have successfully conducted over 150 PCI DSS assessments in the past year, we will analyze the implications of these changes. Drawing from our experiences with various clients, we aim to provide insightful guidance to navigate you through this substantial transition in the PCI landscape.
10:30 AM PT
Keynote
Four Common Trends in PCI DSS 4.0 Compliance
Gene Yoshida
Consultant - Chief Risk/Compliance
Bill Reed
Marketing Expert
By examining real-world case studies and expert perspectives, this discussion will equip you with the knowledge and strategies you need to navigate the complexities of modern payment card security and every facet relating to the PCI DSS 4.0 mandate. This session will also cover why the transaction tokenization provided by credit card companies is beneficial, but it’s not sufficient enough to absolve an organization from ensuring PCI DSS 4.0 cybersecurity compliance.
11:00 AM PT
Innovation Pavilion
Explore the Dynamic Landscape of PCI DSS 4.0
Terry Barber
Manager, Security Operations,
American Express Global Business Travel
Explore the dynamic landscape of PCI DSS 4.0 with American Express Global Business Travel. Drawing insights from industry shifts, the session delves into strategic preparations for the impending standard with insights into their roadmap for compliance. Gain practical perspectives and actionable steps from a leading authority navigating the evolving PCI DSS landscape.
11:30 AM PT
Innovation Pavilion
The Platform Approach to PCI
Shailesh Athalye
Sr. Vice President, Product Management,
Qualys
Lavish Jhamb
Sr. Product Manager, Compliance Solutions,
Qualys
Discover the intricacies of PCI DSS 4.0’s technical controls spanning diverse cybersecurity functions. Join Qualys’ Senior Vice President of Product Management as he guides you through a platform-centric perspective on PCI. The session will emphasize the mapping of various security functions and that includes a live product demonstration. Gain valuable insights into leveraging Qualys’ platform to facilitate PCI DSS 4.0 compliance effectively.
12:15 PM PT
Customer Session
PCI DSS 4.0 Challenges and Cardnet's Experience
Isaias Mercado
Senior Systems Security Manager,
Cardnet
As a dedicated proponent of maintaining robust compliance and security standards, Cardnet has consistently embraced cutting-edge technology to safeguard our digital assets. With a partnership spanning over eight years, Qualys has been a steadfast ally in our compliance journey. Cardnet has leveraged Qualys’ VMDR for scanning, as well as the PCI and Web Application Scanning modules since 2014 and found them to be crucial in supporting their certification processes. They have meticulously reviewed the new PCI DSS 4.0 requirements since its introduction in March 2022. This session will cover how the Qualys suite of offerings can provide complete coverage for 97 percent of the PCI DSS 4.0 requirements, including vulnerability classification and software, as well as component patching under 6.3.1, 6.3.2, and 6.3.3.
12:45 PM PT
Wrapup
Corey Smith
Vice President, Solution Architects,
Qualys
As we conclude this enlightening thought leadership series on PCI DSS 4.0, we invite you to receive a complimentary Compliance eBook. Additionally, seize the opportunity to schedule a one-on-one session with a Qualys Solution Architect for a complimentary consultation to expedite your PCI DSS 4.0 readiness assessment. Embrace the insights gained from this series as you navigate the evolving landscape of PCI compliance.
The opinions expressed by the guest speakers are their own and do not necessarily reflect the views of Qualys.
Tap into expert cyber risk insights every quarter!
Avani Desai
CEO, Schellman
Avani Desai is a Partner and Chief Executive Officer at Schellman, the largest niche CPA firm in the world that focuses on technology and security assessments.
She also sits on the board of Cogent Bank, a Florida based community bank, as a Director and the head of the Technology Committee.
Avani started her career working at a Big 4 accounting firm (KPMG) for over 10 years, where she led a team and oversaw IT Risk Management and Privacy across national service-lines. In addition, Avani managed the development of internal and external privacy programs and related practices, leveraging her deep knowledge with healthcare and emerging technologies, such as blockchain, cloud computing, artificial intelligence, internet of things, and virtualization. Now at Schellman, Avani has been focusing on growth strategies, strategic client and market development, industry analysis, and new services for the last seven years. She has been featured in Forbes, CIO.com, and the Wall Street Journal, and is a sought-after speaker as a voice on a variety of emerging topics, including security, privacy, information security, future technology trends, and the expansion of young women involved in technology. In 2017, Avani, a crypto enthusiast, launched MyCryptoAlert, an app that provides a mobile solution for the alert and portfolio problems crypto investors face and a tool to buy and sell coins on arbitrage. Also passionate about strategic philanthropy, Avani sits on the board of Arnold Palmer Medical Center, Philanos, Audit Committee chairwoman at the Central Florida Foundation, and is the co-chair of 100 Women Strong, a female-only venture capitalist based giving circle that focuses on solving community-based problems specific to women and children by using data analytics and big data. Avani is also an avid runner, always looking to sign up for the next Disney marathon. With all that being said, Avani still considers her greatest accomplishment to be personal rather than professional—she is the proud mother to her 10-year-old son, Sahil, 7 year old daughter, Sareena, and newborn son, Hastin.
Sumedh Thakar
President and CEO, Qualys
As President and CEO, Sumedh leads the company’s vision, strategic direction and implementation. He joined Qualys in 2003 in engineering and grew within the company, taking various leadership roles focused on helping Qualys deliver on its platform vision. From 2014 to 2021, he served as Qualys’ Chief Product Officer, where he oversaw all things product, including engineering, development, product management, cloud operations, DevOps, and customer support. A product fanatic and engineer at heart, he is a driving force behind expanding the platform from Vulnerability Management into broader areas of security and compliance, helping customers consolidate their security stack. This includes the rollout of the game-changing VMDR (Vulnerability Management, Detection and Response) that continually detects and prevents risk to their systems, Multi-Vector EDR, which focuses on protecting endpoints as well as Container Security, Compliance and Web Application Security solutions. Sumedh was also instrumental in the build-up of multiple Qualys sites resulting in a global 24x7 follow-the-sun product team.
Sumedh is a long-time proponent of SaaS and cloud computing. He previously worked at Intacct, a cloud-based financial and accounting software provider. He also worked at Northwest Airlines developing complex algorithms for its yield and revenue management reservation system. Sumedh has a bachelor’s degree in computer engineering with distinction from the University of Pune.
Shailesh Athalye
Senior Vice President, Product Management, Qualys Inc.
As Senior Vice President of Product Management, Shailesh leads the product management team and drives the Qualys product vision helping customers assess and improve their IT, security and compliance posture. Since joining Qualys in 2012, he has worked in various security and compliance roles driving innovative solutions, including remote endpoint protection, endpoint detection and response, and SaaS security. In addition, Shailesh headed engineering, research and product management for Qualys Policy Compliance and File Integrity Monitoring, where he helped customers go beyond compliance to drive their IT GRC objectives. Before Qualys, he focused on security research for Symantec ESM and Compliance solutions. Shailesh holds a master’s in computer applications (MCA) from the Vishwakarma Institute of Technology and has various security certifications including CISA, CRISC, CISM. He is also a regular speaker at industry conferences.
Art Thompson
CIO, City of Detroit
Art Thompson is the Chief Information Officer (CIO) for the City of Detroit, Department of Innovation and Technology (DoIT).
Prior to this appointment, he served as the Director of Public Safety and Cyber Security for DoIT. Thompson is a graduate of Eastern Michigan University with a degree in Supply Chain Management.
He has more than 12 years of technical experience with the public safety environment and managing public safety personnel. His technical skills include radio and desktop installation, as well as software and hardware maintenance. His responsibilities included, but were not limited to, managing Desktop Support, Mobility Support, Network Administration and Cyber Security Teams all of which he confidently championed.
Thompson began his career with DoIT as the Manager for Mobility Support. His accomplishments as Manager further revealed his advanced technical skills and managerial abilities, which lead to his promotion to Director. After serving nearly three (3) years as Director, he further excelled in management and in handling budgetary issues. His vision, dedication, motivation and commitment to the City of Detroit ultimately lead to his appointed as CIO.
Mike Orosz
Global Chief Information and Product Security Officer, Vertiv
Mike Orosz is Global Chief Information and Product Security Officer at Vertiv accountable for all aspects of global information and product security. He was previously Sr. Director Global Cyber and Physical Security at Citrix and Global compliance Officer for Citi. Mike also served in the US Army focusing on Intelligence, Security and Analytics. He holds a master’s degree in information sciences, cybersecurity from PennState University.
Matt Crane
Senior Manager, Schellman
Matt Crane is a Senior Manager at Schellman, where he excels in project management and client relations while overseeing assessments against various PCI Standards. With a primary focus on PCI DSS Compliance for organizations spanning diverse industries, Matt leverages a decade of expertise in information security services.
Prior to joining Schellman in July 2017, Matt held key positions in both the private and public sectors, specializing in PCI and NIST assessments, as well as intelligence analysis. His extensive background includes leading PCI engagements, performing risk assessments, and general consulting services for merchants and service providers across multiple industry verticals. With an exceptional track record and a profound understanding of the industry, Matt Crane is a valuable asset to Schellman, ensuring clients receive unparalleled guidance in achieving their compliance goals.
Matt holds a BBA in Information Security and Assurance as well as several industry certifications including CISSP, CISA, CRISC, QSA
Lavish Jhamb
Sr. Product Manager, Compliance Solutions, Qualys
Lavish Jhamb is Solution Architect for Compliance Solutions at Qualys, focused on building security solutions such as ‘Custom Assessment and Response’ and ‘File Integrity Monitoring’ and helping customers assess and improve their security and compliance posture. He has over 7 years of experience working on security solutions, regulatory standards, and cyber security frameworks, with thorough understanding of operating systems. Lavish holds a bachelor’s degree in computer engineering from the Kurukshetra University Institute of Engineering and Technology and a Post Graduate Diploma in IT Infrastructure, Systems and Security from CDAC Pune.
Kunal Modasiya
Vice President, Product Management, Attack Surface Management & AppSec, Qualys
Kunal is currently VP of Product Management for the CyberSecurity Asset Attack Surface Management (CAASM), Web App and API Security product line at Qualys HQ in Foster City, CA. He is Qualys boomerang. He worked at Qualys for 3 years and incubated the XDR product line from inception. Kunal has spent 15+ years working at startups, and big and mid-size companies in cybersecurity, networking, and application security in both product and engineering roles at Juniper Networks, Extreme Networks, Sun Microsystems and Infinera. Prior to re-joining Qualys, Kunal was heading products at Israeli startup in API security and bot management AppSec space.
Jonathan Trull
CISO & SVP Security Solution Architecture, Qualys
Jonathan Trull is a longtime security practitioner and CISO & SVP Security Solution Architecture with over 18 years of experience in the cybersecurity industry and is currently the Senior Vice President of Customer Solutions Architecture and Engineering at Qualys. His career has spanned operational CISO and infosec roles with the State of Colorado, Qualys, Optiv, and Microsoft. While at Microsoft, Jonathan led the Microsoft Detection and Response Team (DART) whose mission was to respond to cyber security incidents around the globe ranging from cyber espionage initiated by nation-state actors to ransomware attacks and included the investigation of and response to the NOBELIUM threat actor campaign which leveraged the SolarWinds supply chain. Jonathan also serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with the Cloud Security Alliance, Center for Internet Security, and IANS. He is also an adjunct faculty member at Carnegie Mellon University where he mentors and coaches those attending the CISO Executive Education Program. Jonathan is a frequent speaker at industry conferences such as BlackHat, RSA, and SANS and holds several industry certifications including the CISSP, OSCP, CCSP, and GCFA. Jonathan is a veteran of the U.S. Navy finishing his career as a Lieutenant Commander supporting the Information Warfare Domain.
Jon Oltsik
Distinguished Analyst and Fellow, Enterprise Strategy Group
Jon Oltsik is a distinguished analyst, fellow, and the founder of the firm’s cybersecurity service. With over 35 years of technology industry experience, Jon is widely recognized as an expert in all aspects of cybersecurity and is often called upon to help customers understand a CISO’s perspective and strategies. Jon focuses on areas such as cyber-risk management, security operations, and all things related to CISOs.
Terry Barber
Information Security Manager - Security Analytics, American Express Global Business Travel
Terry hails from Santa Cruz California originally and began his career in Information Technology at Mighty Net, Inc. (founding company for Creditreport.com) as CTO – Director of Systems and Security while attending California State University Northridge. There he was responsible for all Infrastructure, networking, and security. In 2007, Terry took a Director of IT position at Protocol and left the company as Director of US IT Operations when they were acquired by Expert Global Solutions.
At EGS he ventured back into Information Security role full-time and worked alongside his CISO as the two man team responsible for achieving PCI compliance across the Enterprise. In 2015 he transitioned to American Express Global Business Travel as an Information Security Manager. Today his responsibilities include Cyber Security Metrics, Managing the Vulnerability management platforms including Qualys and several other Information Security platforms at GBT.