February 2013 Chapter Meeting

Chapter Business

Marc Pinotti kicked off the meeting by introducing our new Corporate Emerald Sponsor, BAE Systems Detica, and thanking the many CSA Volunteers for their work and contribution to the Chapter. Chapter Business included:

  • An overview of the next Executive Luncheon scheduled for May 22nd 2013 at the Washington Athletic Club in Seattle.  John Howie from CSA and Kirk Bailey from the University of Washington are the featured speakers for the event.  Members are encouraged to register early as seating is limited for this event and is already filling up.  See our Upcoming Events page for more information and to register.
  • Introducing the Seattle Chapter Facebook and Google+ social media sites.  Justin Brecese, Sean Chung, and Casey Rodgers provided an overview of the sites which include links to announcements and educational classes, seminars, and webinars.  Members are encouraged to “Like” us to receive updates from the sites on current events and join conversations with other security professionals in our area.
  • An announcement of our Chapter Podcasts available on our website on the Resources page and on Facebook.  Podcasts feature interviews with speakers from our Chapter Meetings discussing current issues, concerns, solutions, and best practices for operating in or transitioning to the Cloud.
  • A call for volunteers from the Cloud Service Provider industry to participate in interviews for the Records in the Cloud (RiC) research project.  To learn more or to volunteer visit our Chapter Research Project page.
  • An overview of speakers at upcoming meetings, including our next Chapter Meeting on March 28th 2013, with presentations by Jeannette Jarvis, Principal Program Manager & Computer Security Specialist at McAfee, an Intel Company, and Paul Morse, President, WebMall & Ventures.

Meeting Presentations

“Cloud Assurance: Combining a SOC2 with the CSA Cloud Controls Matrix (CCM)”

Aaron Brown,
Partner for IT Controls Audits & Security Consultant, Deloitte & Touche

Aaron provided an overview of the measures of assurance, including the CSA Cloud Controls Matrix, ISO, SOC1, SOC2, and SOC3, discussing the differences between each in terms of what they measure and validate, and the responsibilities for risk and compliance for service providers and customers in a Cloud environment.

Aaron Brown has over 15 years’ experience in information technology security and controls. His specialization is large internal controls attestation and readiness engagements for Service Organization Control (SOC1, SOC2, and SOC3) for which he is the signing partner and audits of Internal Controls over Financial Reporting (ICFR). Mr. Brown has over 6 years’ experience with internal controls attestation and readiness for several cloud provider clients in the areas of software-as-a-service, platform-as-a-service, and infrastructure-as-a-service and holds several certifications including: CPA, CCSK, CISA, CITP, and CGEIT.

“The VAST Responsibilities”

Aaron Clark,
Senior Solution Architect, Veracode

Throughout the presentation Aaron provided lessons learned both from failures and successes of implementing a comprehensive vendor review program. Aaron discussed the primary issues, challenges, and best practices for performing reviews, including the need to establish a framework for testing, evaluation, and issue escalation before a vendor review process begins.

Aaron Clark is a Senior Solution Architect at Veracode, assisting customers in the creation of their own application review processes. Previously holding technical evangelist roles at Qualys and IBM, Aaron has nearly 10 years of experience in Application Security ranging from active development to advising on the integration of security into real world development lifecycles. Aaron holds a Bachelor of Science from Harvey Mudd College in both Computer Science and Media Studies.
