BSides Berlin 2023: Hannah Suarez - Guardians of the Data Galaxy

 Published On Jan 11, 2024

About the talk: Trends in managing cloud-based risks - perspectives from different industries

What’s the difference between managing SaaS risks and vulnerabilities between a creative agency, a software company, a consultancy and a large telecommunications company? From corporate to startup, I share how these industries are managing risks, vulnerabilities and threats on the cloud (SaaS, SaaS, SaaS).

For example: On the risk management and compliance side, the new ISO 27001:2022 standards now include controls that are applicable to cloud services (in addition to existing standards such as ISO 27017, BSI C5 and SOC 2 Type 2...). On the data protection side, we are seeing more interest around compliance of technical and organizational security measures of highly protected data on SaaS, owned by companies in other jurisdictions. On the red team and penetration testing side, conducting pentests and providing reports of SaaS-based application tests have become more complex for customers to understand, i.e. to what extent the underlying infrastructure is in scope. And on the blue team side, cloud providers are providing options for confidential computing to further secure data for protected industries such as telco and health care.

This talk explores the many interesting facets and trends in cloud services based on my daily observations working across different industries with a focus on cloud-based security.

About the speaker: Since 2016, Hannah has embarked on an entrepreneurial journey by establishing her consulting firm, specializing in information security. Hannah consults as a cybersecurity risk specialist in telecommunications focusing on security events and supplier security/third-party risk management. Hannah has also successfully implemented the ISO 27001 series in diverse industries - entertainment, software, and marketing. Her knowledge extends to the application of global data protection management in Europe and Asia.

Previously she was a technical evangelist for a SIEM logging company and started her journey into security as a secure file transfer system administrator for an open source company.

She is currently an ISC(2) volunteer within the scholarships panel.

  / hannahsuarez  
