Vandana Verma

Vandana is a seasoned security professional with over 14 years of experience ranging from application security to infrastructure to cloud and now dealing with DevSecOps. She is currently working as a Security Architect with IBM India Software Labs.

Vandana is a global speaker and Women in Cyber Security Advocate. She received Global cybersecurity influencer among IFSEC Global's "Top Influencers in Security and Fire" Category for 2019. She recently received Cybersecurity Women of the year award by Women Cyberjutsu Society in the Category “Secure Coder”. She has also been listed as one of the top women leaders in this field of technology and cybersecurity in India by Instasafe.

She works with various communities (InfoseGirls, OWASP, WoSec and null) and is passionate about increasing female participation in Infosec space. She has recently been elected as OWASP Board member. She has trained over 1000+ Diversity Participants around the globe on Web Application and Cyber Security. She has been a Keynote speaker at OWASP Global AppSec DC2019, spoken and trained at various conferences Blackhat USA (Assistant Trainer), AppSec Europe, AppSec USA, NullCon, Defcon (AppSec Village), Security Guild 2019, BSides Delhi, Diana Initiative, c0c0n (Kerala Police Conference), and Global AppSec Tel Aviv. She is part of the crew for OWASP SeaSides and Bsides Delhi conferences. She also does CFP Reviews for AppSec Europe, Global AppSec Tel Aviv, Global AppSec DC and Grace Hopper US 2019 (Security/Privacy Review Track). 

 

Title of presentation

Zero Trust in the world of Cloud - Trust or No Trust

Abstract

Cloud is the new cool thing, everyone wants to be in cloud but what about security and compliance standards. How do organizations manage safety as well as security in the era of cloud. The concept of everyone inside the network being good or trusted is blown out of the water with cloud deployments. Effectively everyone is a tenant on a big server farm when it comes to cloud.

The only way forward is to not trust anything or what can be called a zero trust model. This talk will explore the concept of zero trust and will try to demystify zero trust models. The talk will focus on implementation and deployment scenarios of zero trust for organizations. How should the business prepare for the transition, what are the architectural requirements and what policies are required to be implemented?

We will conclude the talk with some recommendations based on our own experience dealing with zero trust deployments across a broad spectrum of clients and market segments.