SaaS identity security poses unique challenges for businesses and their CISOs. The rapid adoption of new apps and decentralized acquisition process of SaaS makes it difficult to apply traditional cybersecurity frameworks that assume the company controls the endpoint, network access, or authentication method. This leaves businesses vulnerable to data breaches and other security threats. The Cloud Security Alliance has developed a best practices guide for SaaS security, which requires a different governance mindset and the implementation of robust identity and access management strategies. Gartner suggests that identity has become the ultimate control point in a world where data is accessible from anywhere. As such, businesses must prioritize their SaaS security efforts to ensure they can leverage the productivity and scale benefits of SaaS without exposing themselves to undue risks. CISOs must lead this effort, working with business leaders and IT teams to develop and implement effective SaaS security strategies that protect their company's valuable data assets.
How SaaS Identity Risk is Transforming Cybersecurity
CISO Council
Speakers & Visionaries
Lior Yaari
CEO & Co-Founder
Grip Security
Dustin Sachs
Sr. Manager, Governance Risk & Compliance
World Fuel Services
David Cass
CISO
GSR
About Me
David Cass is a senior partner at Law & Forensics LLC where he leads the Cryptocurrency and Digital Banking Practice and is a member of the Cyber Security and Forensics Practice. He has extensive experience in financial services regulation, cryptocurrency, digital assets, blockchain, cloud, and digital banking.
He most recently served as a lead regulator for the Federal Reserve Bank of New York where he was a member of the Large Institution Supervision Committee (LISCC). Prior to this appointment, David was the CISO & Global Partner of IBM’s Cloud Security Service Unit where he was responsible for its security practices, processes, and policies.
He has been an active contributor of the FS-ISAC and the European Banking Federation on Cloud Compliance and Security for financial services firms and has worked closely with US and international regulators. He was part of the team that introduced the first financial services blockchain initiative utilizing public cloud supported by 10 major international banks.
Previously, he served as SVP & CISO for Elsevier where he led an organization of experienced legal, risk, and security professionals who provided data protection, privacy, security, and risk management guidance on a global basis. He also served as Elsevier’s HIPAA officer.
David has an MSE from the University of Pennsylvania, and an MBA from MIT. He is a frequent speaker at high-profile conferences and served on a public corporation’s Board of Directors. He also is an editorial board member for The Journal of Law & Cyber Warfare and serves as a board member for the UCLA Extension Silicon Beach Innovation Lab. He is a faculty member for the non-profit Global Cyber Institute, and an adjunct faculty member for Harvard and at the Rutgers Law School. He is a member of the New York City Cyber Critical Services & Infrastructure team organized by the NYPD and the office of the NY District Attorney.
In his free time, David is a volunteer firefighter & Swiftwater Rescue Technician.
Sai Iyer
CISO
Ziff Davis
Nancy Good
Director, Delivery Excellence
Knights of Columbus
Tim Swope
CISO
Catholic Health System
About Me
Mr. Swope brings over 20 years of experience in IT Project Management, BI Solutions Development, IT Security, IT Controls (CoBIT, SOX 404/MAR, etc) IT Risk Management, and HealthCare Compliance, to both the public and private sectors. His focus is on identifying gaps relating to key IT security processes and the implementation of IS Security and Risk Management programs to Health Care, Pharmaceutical and various commercial clients.
Has a proven track record of delivering the following:
• Interpreting and applying 21 CFR Part 11, GLP, GMP, GCP, and QSR regulations
• MDM and Data Governance
• Identity Access Management
• HIPAA Risk Assessments and GAP analysis
• Information Assurance Program Management - SCRUM, AGILE, SDLC, Six Sigma
• Implemented large security, risk and compliance initiatives of SOX-404 IT, HIPAA/HITECH, including security policies, procedures and controls.
• "Big Data", Data Management and Health Care Data Analytics
• Federal Information Security Management Act (FISMA) Compliance Reviews
• Implemented the security standards - 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule
He has supported these Information Assurance and IS Security initiatives for organizations that include: Excellus BCBS, Medimmune/Astra Zeneca, ENDO Pharmaceuticals, Novo Nordisk, Daiichi-Sankyo Solutions, Catalent Pharma Solutions, Johnson and Johnson, District of Columbia Government office of the Chief Financial Officer, District of Columbia Water and Sewer Authority, City of Richmond, Virginia Department of Public Utilities, Virginia State Department of Health, and the Kentucky Department of Health Services, as well as the U.S. Department of Labor.
Lior Yaari
CEO & Co-Founder
Grip Security
Dustin Sachs
Sr. Manager, Governance Risk & Compliance
World Fuel Services
Sai Iyer
CISO
Ziff Davis
Nancy Good
Director, Delivery Excellence
Knights of Columbus
EVENT DETAILS
May 23, 2023
Agenda
3:00 PM-4:15 PM
How SaaS Identity Risk is Transforming Cybersecurity
Panelists
Chair
David Cass
CISO
GSR
David Cass is a senior partner at Law & Forensics LLC where he leads the Cryptocurrency and Digital Banking Practice and is a member of the Cyber Security and Forensics Practice. He has extensive experience in financial services regulation, cryptocurrency, digital assets, blockchain, cloud, and digital banking.
He most recently served as a lead regulator for the Federal Reserve Bank of New York where he was a member of the Large Institution Supervision Committee (LISCC). Prior to this appointment, David was the CISO & Global Partner of IBM’s Cloud Security Service Unit where he was responsible for its security practices, processes, and policies.
He has been an active contributor of the FS-ISAC and the European Banking Federation on Cloud Compliance and Security for financial services firms and has worked closely with US and international regulators. He was part of the team that introduced the first financial services blockchain initiative utilizing public cloud supported by 10 major international banks.
Previously, he served as SVP & CISO for Elsevier where he led an organization of experienced legal, risk, and security professionals who provided data protection, privacy, security, and risk management guidance on a global basis. He also served as Elsevier’s HIPAA officer.
David has an MSE from the University of Pennsylvania, and an MBA from MIT. He is a frequent speaker at high-profile conferences and served on a public corporation’s Board of Directors. He also is an editorial board member for The Journal of Law & Cyber Warfare and serves as a board member for the UCLA Extension Silicon Beach Innovation Lab. He is a faculty member for the non-profit Global Cyber Institute, and an adjunct faculty member for Harvard and at the Rutgers Law School. He is a member of the New York City Cyber Critical Services & Infrastructure team organized by the NYPD and the office of the NY District Attorney.
In his free time, David is a volunteer firefighter & Swiftwater Rescue Technician.
Speaker
Lior Yaari
CEO & Co-Founder
Grip Security
Speaker
Dustin Sachs
Sr. Manager, Governance Risk & Compliance
World Fuel Services
Speaker
Nancy Good
Director, Delivery Excellence
Knights of Columbus
Speaker
Sai Iyer
CISO
Ziff Davis
Speaker
Tim Swope
CISO
Catholic Health System
Mr. Swope brings over 20 years of experience in IT Project Management, BI Solutions Development, IT Security, IT Controls (CoBIT, SOX 404/MAR, etc) IT Risk Management, and HealthCare Compliance, to both the public and private sectors. His focus is on identifying gaps relating to key IT security processes and the implementation of IS Security and Risk Management programs to Health Care, Pharmaceutical and various commercial clients.
Has a proven track record of delivering the following:
• Interpreting and applying 21 CFR Part 11, GLP, GMP, GCP, and QSR regulations
• MDM and Data Governance
• Identity Access Management
• HIPAA Risk Assessments and GAP analysis
• Information Assurance Program Management - SCRUM, AGILE, SDLC, Six Sigma
• Implemented large security, risk and compliance initiatives of SOX-404 IT, HIPAA/HITECH, including security policies, procedures and controls.
• "Big Data", Data Management and Health Care Data Analytics
• Federal Information Security Management Act (FISMA) Compliance Reviews
• Implemented the security standards - 45 CFR Parts 160, 162, and 164 Health Insurance Reform: Security Standards; Final Rule
He has supported these Information Assurance and IS Security initiatives for organizations that include: Excellus BCBS, Medimmune/Astra Zeneca, ENDO Pharmaceuticals, Novo Nordisk, Daiichi-Sankyo Solutions, Catalent Pharma Solutions, Johnson and Johnson, District of Columbia Government office of the Chief Financial Officer, District of Columbia Water and Sewer Authority, City of Richmond, Virginia Department of Public Utilities, Virginia State Department of Health, and the Kentucky Department of Health Services, as well as the U.S. Department of Labor.
Together With
