According to Gartner 79% of companies have experienced at least one cloud data breach during the pandemic. Remote work is here to stay, and the concept of securing a perimeter has essentially ended. Traditional application security measures are broken. The need to innovate faster and shift to cloud-native application architectures isn’t just driving complexity, it’s creating significant vulnerability blind spots also. Under the thumb of the pandemic, enterprises and IT leaders had to look for tech solutions that were resilient and agile to empower the remote workforce. To sustain business continuity plans, organizations shifted workloads to the cloud. As much as cloud adoption offers flexibility and productivity, it also exposes organizations to cyber threats and data breaches. So the question remains if moving to the cloud is the right thing to do and if so how to protect it from the new risks given that most organizations believe that application security should be completely automated to keep pace with dynamic clouds and rapid software development practices.
Cloud Security
CISO Dinner
Visionaries
Todd Gordon
Cyber Program Director
Andrew Mellon Foundation
About Me
Todd is cyber program director for the Andrew Mellon Foundation located in NYC with an endowment of over 7B and annual awards exceeding 300M. Previously Todd held leadership roles in information privacy and security at Eisner Amper
Todd Gordon
Security Director
Eisner Advisory Group
About Me
EisnerAmper clients are based in the U.S., or comprised of U.S. business interests of foreign entities. To serve domestically-based clients with interests in financial services opportunities overseas, Eisner Amper offers the resources of offices in the UK, Israel, India and EisnerAmper Global, with offices in the Cayman Islands, Singapore, and Ireland; as well as the services of Allinial Global.
Todd, leads the information security team and is an experienced, detail-oriented, and innovative professional with proven performance in information security, enterprise-level systems administration, and project management.
Richard Van Horn
VP, Global Technology Services
Geode Capital Management
About Me
Senior Cybersecurity professional with over 25 years experience in the financial services industry. I have both the technical and business background to bridge the gap between the two different worlds:
Business Information Security Officer (BISO): Explained technology risks and their business impact to business sponsors. Prioritized solutions based on a cost / benefit analysis.
Technology Risk Management & Governance: Managed programs to manage technology based on business impact, tracked risk registers and risk acceptances, identified and deployed both technical and operational solutions to address risk.
Technology Compliance: Performed COBIT and FFIEC assessments, managed SoX assessments.
A few highlights:
+ A systems thinker that can manage complexity.
+ Risk & Control Self Assessments (RCSAs)
+ Regular Reviews and Enhancements to Critical Controls
+ IT Compliance Management & Oversight
+ Technology Risk Assessments
+ 3rd Party Vendor Assessments
+ Identity & Access Management
+ Policy Development and Governance
+ Cyber Program & Technical Project Management
+ Data Leakage Protection & Data Privacy
+ Building and Developing High Performing Teams
+ Collaboration with Audit, Technology, Cyber & Business Stakeholders
Rafi Buchnick
US Head of Technology & Cyber Risk
RBC - Royal Bank of Canada
About Me
Hello, my name is Rafi Buchnick. I am a risk and security expert with extensive experience leading cross-functional teams, assisting them in the delivery of secure IT solutions. I ensure protection for global business operations and mitigate cyber risks for multiple clients, worldwide and am recognized for my impeccable record, in protecting client business interests, and any further damages to operations, during forensic investigations. After serving as Captain in Israel’s IDF Intelligence Corps, I began my career working as Chairman of the Board, ‘Bashan’ Market and Productions. From there, I progressed to a position as Financial Controller, Schneider Children Medical Center, and then, as Division Deputy Head at the Israel Institute for Biological Research. The rest of my work history is detailed in this profile. For more than fifteen years, I have been involved in ensuring security operations and planning for business continuity, should there be a disruption in services and/or the occurrence of a natural or manmade disaster/cyberattack. I am successful because of my meticulous attention to detail, as well as my ability to communicate technical information in easy-to understand language. I know I am only as good as the team I assemble, so I take time to train, coach, and mentor team members for career growth and business success. My key areas of expertise include, but are not limited to, Information Security, Risk Assessments/Mitigation, Stakeholder Communication, Regulatory Compliance, Technology & Application Vulnerability Review, Investigations to Support Client Business Interests, Disaster Recovery & Business Continuity, Cross-Functional Team Collaboration, Cost Reduction, Project Management, Industry Best Practices, and Increasing Cyber Capabilities.
Peter Chestna
CISO, North America
Checkmarx Inc.
About Me
Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal.
Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon.
Pete has been granted 3 patents. He enjoys whiskey tourism, astronomy, model rocketry and listening to Rush in his spare time.
EVENT DETAILS
June 21, 2022
Agenda
5:30 PM-8:30 PM
Cloud Security
Panelists
Speaker
Rafi Buchnick
US Head of Technology & Cyber Risk
RBC - Royal Bank of Canada
Hello, my name is Rafi Buchnick. I am a risk and security expert with extensive experience leading cross-functional teams, assisting them in the delivery of secure IT solutions. I ensure protection for global business operations and mitigate cyber risks for multiple clients, worldwide and am recognized for my impeccable record, in protecting client business interests, and any further damages to operations, during forensic investigations. After serving as Captain in Israel’s IDF Intelligence Corps, I began my career working as Chairman of the Board, ‘Bashan’ Market and Productions. From there, I progressed to a position as Financial Controller, Schneider Children Medical Center, and then, as Division Deputy Head at the Israel Institute for Biological Research. The rest of my work history is detailed in this profile. For more than fifteen years, I have been involved in ensuring security operations and planning for business continuity, should there be a disruption in services and/or the occurrence of a natural or manmade disaster/cyberattack. I am successful because of my meticulous attention to detail, as well as my ability to communicate technical information in easy-to understand language. I know I am only as good as the team I assemble, so I take time to train, coach, and mentor team members for career growth and business success. My key areas of expertise include, but are not limited to, Information Security, Risk Assessments/Mitigation, Stakeholder Communication, Regulatory Compliance, Technology & Application Vulnerability Review, Investigations to Support Client Business Interests, Disaster Recovery & Business Continuity, Cross-Functional Team Collaboration, Cost Reduction, Project Management, Industry Best Practices, and Increasing Cyber Capabilities.
Speaker
Richard Van Horn
VP, Global Technology Services
Geode Capital Management
Senior Cybersecurity professional with over 25 years experience in the financial services industry. I have both the technical and business background to bridge the gap between the two different worlds:
Business Information Security Officer (BISO): Explained technology risks and their business impact to business sponsors. Prioritized solutions based on a cost / benefit analysis.
Technology Risk Management & Governance: Managed programs to manage technology based on business impact, tracked risk registers and risk acceptances, identified and deployed both technical and operational solutions to address risk.
Technology Compliance: Performed COBIT and FFIEC assessments, managed SoX assessments.
A few highlights:
+ A systems thinker that can manage complexity.
+ Risk & Control Self Assessments (RCSAs)
+ Regular Reviews and Enhancements to Critical Controls
+ IT Compliance Management & Oversight
+ Technology Risk Assessments
+ 3rd Party Vendor Assessments
+ Identity & Access Management
+ Policy Development and Governance
+ Cyber Program & Technical Project Management
+ Data Leakage Protection & Data Privacy
+ Building and Developing High Performing Teams
+ Collaboration with Audit, Technology, Cyber & Business Stakeholders
Speaker
Todd Gordon
Security Director
Eisner Advisory Group
EisnerAmper clients are based in the U.S., or comprised of U.S. business interests of foreign entities. To serve domestically-based clients with interests in financial services opportunities overseas, Eisner Amper offers the resources of offices in the UK, Israel, India and EisnerAmper Global, with offices in the Cayman Islands, Singapore, and Ireland; as well as the services of Allinial Global.
Todd, leads the information security team and is an experienced, detail-oriented, and innovative professional with proven performance in information security, enterprise-level systems administration, and project management.
Speaker
Peter Chestna
CISO, North America
Checkmarx Inc.
Pete Chestna serves as the CISO of North America at Checkmarx, where he provides customers and prospects with practical advice for building successful application security programs. Bringing more than 15 years of direct AppSec practitioner experience, Pete has held roles ranging from developer and development leader to his most recent position as the Global Head of AppSec for the Bank of Montreal.
Over the years, Pete has led organizational transformations from Waterfall to Agile to DevOps and from monolith to microservice architectures. He is certified as both a scrum master and product owner. Stemming from his experience as both an avid practitioner and consultant, Pete has spoken internationally at numerous prominent security and developer conferences including DevOpsDays, All Day DevOps, OWASP AppSec, and DevSecCon.
Pete has been granted 3 patents. He enjoys whiskey tourism, astronomy, model rocketry and listening to Rush in his spare time.
Together With
