Aaron Shafer, Securing SaaS, a Practitioner's Guide

In this session we will talk about applying appropriate security controls to Software as a Service (SaaS) offerings. While it may seem like the SaaS vendors have most of the responsibility for securing these platforms, there are still a number of threats that customers need to worry about themselves. During the session we will walk through various types of SaaS solutions, including a few new surprising categories, and will then talk about the nuances of the Shared Responsibility Model (SRM). We will dive into how to assess the threats to our data, users, and connected systems related to the deployment of SaaS solutions by taking a Threat Modeling approach to the problem. Once we've compiled our list of risks we will then talk through practical counter measures that can be implemented to mitigate or reduce risk. The session will then wrap up with a discussion of some existing security tooling that can be considered to further strengthen the defenses around these SaaS solutions today. About the speaker: Aaron is Vice President & Information Security Officer for NBCUniversal's Direct-to-Consumer business unit which includes Fandango, Vudu and the company's new streaming service Peacock.Aaron has over 20 years of extensive experience in software engineering, architecture, design, network and application security. He has spent the past 12 years in various Cyber Security roles where he has led projects in industries including media, defense, energy, and financial services. He has a bachelor of science from Monmouth University where he studied Computer Science and a Masters in Software Engineering from Penn State.

In this session we will talk about applying appropriate security controls to Software as a Service (SaaS) offerings. While it may seem like the SaaS vendors have most of the responsibility for securing these platforms, there are still a number of threats that customers need to worry about themselves. During the session we will walk through various types of SaaS solutions, including a few new surprising categories, and will then talk about the nuances of the Shared Responsibility Model (SRM). We will dive into how to assess the threats to our data, users, and connected systems related to the deployment of SaaS solutions by taking a Threat Modeling approach to the problem. Once we've compiled our list of risks we will then talk through practical counter measures that can be implemented to mitigate or reduce risk. The session will then wrap up with a discussion of some existing security tooling that can be considered to further strengthen the defenses around these SaaS solutions today. About the speaker: Aaron is Vice President & Information Security Officer for NBCUniversal's Direct-to-Consumer business unit which includes Fandango, Vudu and the company's new streaming service Peacock.Aaron has over 20 years of extensive experience in software engineering, architecture, design, network and application security. He has spent the past 12 years in various Cyber Security roles where he has led projects in industries including media, defense, energy, and financial services. He has a bachelor of science from Monmouth University where he studied Computer Science and a Masters in Software Engineering from Penn State.