Chief Security Officer, Covisint
David Miller, Covisint’s Chief Security Officer, is an internationally renowned security thought leader recently named by Fortune as an “identity visionary.” He has more than 20 years of experience in identity management and information technology and is responsible for internal and external system architecture security issues.
Miller also directs the identity management offering at Covisint, which currently secures access for automotive, healthcare, energy and government customers. Miller has spoken at numerous conferences in various industries and has also testified before the U.S. Senate regarding e-prescribing of controlled substances (testimony which helped shape new laws). Miller has been with Covisint since its inception, architecting its federation solutions and implementing the first true identity network for the auto industry. A visionary in FIAM, Miller has built Covisint’s INFOSEC organization, developed policies and procedures for information security and helped design secure solutions for product offerings.
Miller has more than 20 years experience in the information technology and automotive industries. Prior to Covisint, he served as Director of Operations for GM TradeXchange, managing the implementation and architecture of GM’s automotive exchange. Previously, Miller was Chief Architect for Secureway, an IBM division that provided security to e-business initiatives. His GM experience also includes being Director of Technology for Dascom (later purchased by IBM) and his many years as an Enterprise Architect at EDS in Detroit, where he supported GM business systems. He chaired the HIPAA Compliance Work Group and is a member of the Executive Security Action Forum.
Cloud adoption for business critical and sensitive processes, and activities, and solutions is often challenged due to governance, risk and security, and compliance concerns. Information risk management and security professionals often use fear uncertainty and doubt (FUD) to support their negative views. Often doing so without having considered what threats, vulnerabilities, and risks are likely to be realized and their associated material business impacts. Businesses leaders that are interested in moving their IT solutions and capabilities to the cloud should be provided credible information about threats and vulnerabilities associate with doing so to assist them in calculating the risks their willingness to accept them. This will allow them to collaborate with risk and security professionals in a positive and not adversarial fashion as well as make informed decisions. This workshop will introduce the concept of threat and vulnerability management and how it can be applied to cloud solutions. Topics will include a discussion of threat and vulnerability analysis, applying threat and vulnerability analysis to cloud environments and solutions, vulnerability management for the cloud, and approaches to working with cloud providers to ensure risk and security requirements and expectations are properly met.