Loading…
Subject: Security and Vulnerability Management (CloudX) clear filter
Wednesday, September 3
 

4:00pm PDT

PRO WORKSHOP (CloudX): Exploring InfoSec Tools: From SCA to Hardware Solutions
Wednesday September 3, 2025 4:00pm - 4:50pm PDT
CloudX -- Main Stage
Andrew Miller, QuCelerate, Founder

The landscape of InfoSec tooling is vast and complex. In this session, we’ll provide an overview of key security tools, including SCA, SAST, DAST, IAST, RASP, and hardware-based solutions. Learn what these tools do, how they complement each other, and how to choose the right mix for your organization’s security needs. Whether you’re new to InfoSec or looking to expand your toolkit, this talk offers a practical guide to understanding and leveraging modern security technologies effectively. 
Speakers
avatar for Andrew Miller

Andrew Miller

Founder, QuCelerate
Andrew is the founder of QuCelerate, a fractional CTO consultancy. Andrew is a seasoned software engineer with 12 years of experience in building software for regulated industries. For the last seven years, he has been heavily involved in building AI/ML solutions that drive business... Read More →
Wednesday September 3, 2025 4:00pm - 4:50pm PDT
CloudX -- Main Stage
  CloudX
 
Thursday, September 4
 

11:00am PDT

OPEN Session (CloudX): Empowering User-Controlled Encryption at Exabyte Scale
Thursday September 4, 2025 11:00am - 11:25am PDT
CloudX -- Main Stage
Alok Ranjan, Dropbox, Software Engineering Manager

As enterprise security requirements intensify, empowering users with full control over encryption becomes paramount. In this session, I’ll reveal how Dropbox pioneers user-controlled encryption at exabyte scale with an innovative three-tiered scheme using AWS KMS. We’ll discuss how our approach grants teams complete control via Team Encryption Keys (TEKs) secured by Hardware Security Modules (HSMs), while an intermediate layer of Namespace Encryption Keys (NEKs) ensures rapid, secure file sharing—even across teams. Learn how practical strategies like key caching and efficient key rotation maintain exceptional performance and data integrity through a robust key chain of custody. This talk is ideal for professionals keen on leveraging AWS technologies to enhance security and scalability in cloud storage solutions. 
Speakers
avatar for Alok Ranjan

Alok Ranjan

Software Engineering Manager, Dropbox
Hello, I’m Alok Ranjan, an Engineering Manager at Dropbox overseeing the Storage Platform team in the infrastructure org. My team focuses on providing interfaces for file and block storage, along with encryption, compression, and verification of user data. With a master’s degree... Read More →
Thursday September 4, 2025 11:00am - 11:25am PDT
CloudX -- Main Stage
  CloudX

3:30pm PDT

OPEN Session (CloudX): Hack the Cloud: Attackers Love Blind Spots, Break Their Hearts
Thursday September 4, 2025 3:30pm - 3:55pm PDT
CloudX -- Main Stage
Brian Contos, Mitiga, Field CISO

Malicious actors, on an unholy crusade, have discovered that a lack of visibility across Cloud, SaaS, and Identity, combined with legacy controls that provide limited cloud detection and response capabilities, grants them a nefarious advantage. This lack of visibility, detection, and response in cloud environments allows malicious actors to operate with an elevated ability to breach organizations, evade detection, and maintain persistence.

As businesses transition to the cloud, critical assets, sensitive data, and an increasing array of interconnected SaaS applications have followed. This shift attracts malicious actors eager to exploit any visibility gaps, such as those caused by the segmentation of environments across workloads and SaaS. While such segmentation is a beneficial security best practice for incident prevention, it also provides a stealthy refuge for attackers. In essence, your SecOps team is operating within a landscape fraught with invisible threats.

This presentation will explore real-life stories from the trenches, drawn from years of cloud-based incident response. Various hacks will be explored to illustrate how breaches occur, what happens following a breach, and why organizations are struggling to detect and respond.

Finally, we will cover mitigation strategies such as proactively preparing for a breach, discovering malicious activity, and responding. Malicious actors are counting on your passivity, your blind spots, and your inability to effectively detect and respond to attacks in the cloud. Break their hearts!
Speakers
avatar for Brian Contos

Brian Contos

Field CISO, Mitiga
With two IPOs & eight acquisitions, Brian has helped build some of the most successful security companies in the world. He has over 25 years in the security industry as a security company entrepreneur, board advisor, investor, and author. After getting his start with the Defense Information... Read More →
Thursday September 4, 2025 3:30pm - 3:55pm PDT
CloudX -- Main Stage
  CloudX
 
Wednesday, September 10
 

1:00pm PDT

[Virtual] PRO WORKSHOP (CloudX): Exploring InfoSec Tools: From SCA to Hardware Solutions
Wednesday September 10, 2025 1:00pm - 1:50pm PDT
VIRTUAL CloudX -- Main Stage
Andrew Miller, QuCelerate, Founder

The landscape of InfoSec tooling is vast and complex. In this session, we’ll provide an overview of key security tools, including SCA, SAST, DAST, IAST, RASP, and hardware-based solutions. Learn what these tools do, how they complement each other, and how to choose the right mix for your organization’s security needs. Whether you’re new to InfoSec or looking to expand your toolkit, this talk offers a practical guide to understanding and leveraging modern security technologies effectively. 
Speakers
avatar for Andrew Miller

Andrew Miller

Founder, QuCelerate
Andrew is the founder of QuCelerate, a fractional CTO consultancy. Andrew is a seasoned software engineer with 12 years of experience in building software for regulated industries. For the last seven years, he has been heavily involved in building AI/ML solutions that drive business... Read More →
Wednesday September 10, 2025 1:00pm - 1:50pm PDT
VIRTUAL CloudX -- Main Stage
  CloudX
 
Thursday, September 11
 

11:00am PDT

[Virtual] OPEN Session (CloudX): Empowering User-Controlled Encryption at Exabyte Scale
Thursday September 11, 2025 11:00am - 11:25am PDT
VIRTUAL CloudX -- Main Stage
Alok Ranjan, Dropbox, Software Engineering Manager

As enterprise security requirements intensify, empowering users with full control over encryption becomes paramount. In this session, I’ll reveal how Dropbox pioneers user-controlled encryption at exabyte scale with an innovative three-tiered scheme using AWS KMS. We’ll discuss how our approach grants teams complete control via Team Encryption Keys (TEKs) secured by Hardware Security Modules (HSMs), while an intermediate layer of Namespace Encryption Keys (NEKs) ensures rapid, secure file sharing—even across teams. Learn how practical strategies like key caching and efficient key rotation maintain exceptional performance and data integrity through a robust key chain of custody. This talk is ideal for professionals keen on leveraging AWS technologies to enhance security and scalability in cloud storage solutions. 
Speakers
avatar for Alok Ranjan

Alok Ranjan

Software Engineering Manager, Dropbox
Hello, I’m Alok Ranjan, an Engineering Manager at Dropbox overseeing the Storage Platform team in the infrastructure org. My team focuses on providing interfaces for file and block storage, along with encryption, compression, and verification of user data. With a master’s degree... Read More →
Thursday September 11, 2025 11:00am - 11:25am PDT
VIRTUAL CloudX -- Main Stage
  CloudX

3:30pm PDT

[Virtual] OPEN Session (CloudX): Hack The Cloud: Attackers Love Blind Spots, Break Their Hearts
Thursday September 11, 2025 3:30pm - 3:55pm PDT
VIRTUAL CloudX -- Main Stage
Brian Contos, Mitiga, Field CISO

Malicious actors, on an unholy crusade, have discovered that a lack of visibility across Cloud, SaaS, and Identity, combined with legacy controls that provide limited cloud detection and response capabilities, grants them a nefarious advantage. This lack of visibility, detection, and response in cloud environments allows malicious actors to operate with an elevated ability to breach organizations, evade detection, and maintain persistence.

As businesses transition to the cloud, critical assets, sensitive data, and an increasing array of interconnected SaaS applications have followed. This shift attracts malicious actors eager to exploit any visibility gaps, such as those caused by the segmentation of environments across workloads and SaaS. While such segmentation is a beneficial security best practice for incident prevention, it also provides a stealthy refuge for attackers. In essence, your SecOps team is operating within a landscape fraught with invisible threats.

This presentation will explore real-life stories from the trenches, drawn from years of cloud-based incident response. Various hacks will be explored to illustrate how breaches occur, what happens following a breach, and why organizations are struggling to detect and respond.

Finally, we will cover mitigation strategies such as proactively preparing for a breach, discovering malicious activity, and responding. Malicious actors are counting on your passivity, your blind spots, and your inability to effectively detect and respond to attacks in the cloud. Break their hearts!
Speakers
avatar for Brian Contos

Brian Contos

Field CISO, Mitiga
With two IPOs & eight acquisitions, Brian has helped build some of the most successful security companies in the world. He has over 25 years in the security industry as a security company entrepreneur, board advisor, investor, and author. After getting his start with the Defense Information... Read More →
Thursday September 11, 2025 3:30pm - 3:55pm PDT
VIRTUAL CloudX -- Main Stage
  CloudX
 
Need help? View Support Guides
Event questions? Contact Event Planner
©2025 Sched About Privacy Terms
Share Modal

Share this link via

Or copy link

Filter sessions
Apply filters to sessions.
Tuesday, September 2
Wednesday, September 3
Thursday, September 4
Friday, September 5
Wednesday, September 10
Thursday, September 11
Friday, September 12
API World -- Main Stage Theater (OPEN)
API World -- Workshop Stage A (PRO)
API World -- Workshop Stage B (PRO)
CloudX -- Main Stage
DataWeek -- Main Stage
DataWeek -- Workshop Stage C (PRO)
DataWeek Expo Stage (OPEN)
Expo Hall
RingCentral Events
Room G
Santa Clara Convention Center
Santa Clara Convention Center - Lobby
Santa Clara Hyatt Regency Lobby
VIRTUAL DataWeek -- Main Stage
VIRTUAL API World -- Workshop Stage A (PRO)
VIRTUAL API World -- Workshop Stage B (PRO)
VIRTUAL CloudX -- Main Stage
VIRTUAL DataWeek -- Workshop Stage C (PRO)
  • 1. Badge Pick-up & Registration
  • 2. Experiences & Official Events
  • 3. Expo Hours
  • 4. Hackathon
  • 5. KEYNOTES & FEATURED
  • API World
  • CloudX
  • DataWeek
  • Additional Topics
  • AI/ML
  • Talk Type
  • OPEN Session
  • PRO Session
  • PRO Workshop Day (Wed)
  • Tracks
  • AI Models and Management (DataWeek)
  • API Design and Development (API World)
  • API Program and Developer Relations (API World)
  • API Security (API World)
  • API World
  • APIs and AI (API World)
  • Business Optimization through APIs (API World)
  • Cloud Infrastructure Design and Architecture (CloudX)
  • Cloud Native Development (CloudX)
  • CloudX
  • Data Engineering / Architecture and Streaming (DataWeek)
  • Data Governance and Security (DataWeek)
  • Data Science and Machine Learning (DataWeek)
  • Data Strategy / Analytics & Business Intelligence (DataWeek)
  • Data Tools / Technology and Management (DataWeek)
  • Data Warehousing and Storage (DataWeek)
  • DataWeek
  • IT Operations and Enterprise Management (CloudX)
  • Leading a Cloud-First Company (CloudX)
  • Managing AI/ML in the Cloud (CloudX)
  • OPEN Session
  • OpenAPI Summit
  • Partnership and Integration Strategy (API World)
  • Security and Vulnerability Management (CloudX)
  • Service Monitoring and Observability (CloudX)
  • SRE / DevOps and Platform Engineering (CloudX)
  • Testing / Deploying & Monitoring APIs and Services (API World)
  • Virtual
  • In-Person/Virtual
  • In Person
  • Virtual